@citolab/qti-backend-firebase 0.0.3 → 0.0.5

package/dist/api/qti-data.js

@@ -1,22 +1,23 @@
-import { checkAssessmentCode, getPlannedStudent, getStartableAssessments, getStudentSessionInfo, getTeacherIdByCode, isStartable, updateStudentSessionState, } from "./../helpers/logic";
+import { createSessionForDelivery, getDelivery, getSession, getTestsetSessions, getTestsetSessionWithSessions, updateSessionState, processFeedbackSubmission, validateFeedbackData, saveFeedback, } from "./../helpers/logic";
 import { dateId } from "./../helpers/utils";
-import { getAssessmentId, getName } from "./../helpers/request-headers";
+import { Router } from "express";
 import NodeCache from "node-cache";
-import { getDatabase, getStudentGroupSessionInfo } from "../helpers";
-import { getFirestore, getStorage } from "../helpers/firebase";
+import { getFirestore } from "../helpers/firebase";
 import { body, param } from "express-validator";
-import { errorHandler, generalRateLimit, handleValidationErrors, heavyOperationLimit, imageUploadConfig, requireAuth, sendError, sendSuccess, } from "../helpers/endpoint-helpers";
+import { errorHandler, generalRateLimit, handleValidationErrors, requireAuth, requireAuthType, sendError, sendSuccess, } from "../helpers/endpoint-helpers";
 import { BaseImplementation } from "./app-specific/baseImplementation";
+import { getDatabase } from "../helpers";
 export function addQtiDataEndpoints(app, specificImplementation = new BaseImplementation()) {
+    const dataRouter = Router();
     const cache = new NodeCache({
         stdTTL: 300, // 5 minutes
         checkperiod: 60, // Check for expired keys every minute
     });
     // Apply global error handler
-    app.use(errorHandler);
+    dataRouter.use(errorHandler);
     /**
      * @openapi
-     * /checkCode:
+     * /session/start:
      *   post:
      *     tags:
      *       - Session
@@ -44,7 +45,7 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
      *       500:
      *         description: Internal server error
      */
-    app.post("/checkCode", [
+    dataRouter.post("/session/start", [
         generalRateLimit,
         body("code")
             .isString()
@@ -52,13 +53,27 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
             .isLength({ min: 1, max: 50 })
             .withMessage("Code must be between 1 and 50 characters"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
             const { code } = req.body;
-            const db = getDatabase(req.appId);
-            const sessionInfo = await getStudentSessionInfo(code.toUpperCase(), db, req.user.uid);
+            const db = getDatabase();
+            const sessionInfo = await getSession(code.toUpperCase(), db, req.user.uid);
+            // we need to store the mapping between userId and session code.
+            // so it is stored in the database and cache
             if (sessionInfo) {
+                const uppercaseCode = code.toUpperCase();
+                await cache.set(req.user.uid, {
+                    code: uppercaseCode,
+                    teacherId: sessionInfo?.teacherId,
+                    deliveryId: sessionInfo?.deliveryId,
+                });
+                const fs = getFirestore();
+                await fs.doc(db.AUTH.DOC(req.user.uid)).set({
+                    code: uppercaseCode,
+                    teacherId: sessionInfo?.teacherId,
+                    deliveryId: sessionInfo?.deliveryId,
+                });
                 return sendSuccess(res, { ...sessionInfo, userId: req.user.uid });
             }
             else {
@@ -72,7 +87,7 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
     });
     /**
      * @openapi
-     * /checkGroupCode:
+     * /delivery/start:
      *   post:
      *     tags:
      *       - Session
@@ -106,13 +121,13 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
      *       500:
      *         description: Internal server error
      */
-    app.post("/checkGroupCode", [
+    dataRouter.post("/delivery/session/start", [
         generalRateLimit,
-        body("groupCode")
+        body("code")
             .isString()
             .trim()
             .isLength({ min: 1, max: 50 })
-            .withMessage("Group code must be between 1 and 50 characters"),
+            .withMessage("Delivery code must be between 1 and 50 characters"),
         body("studentIdentification")
             .optional()
             .isString()
@@ -120,14 +135,26 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
             .isLength({ max: 100 })
             .withMessage("Student identification must not exceed 100 characters"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { groupCode, studentIdentification } = req.body;
-            const db = getDatabase(req.appId);
-            const sessionInfo = await getStudentGroupSessionInfo(groupCode.toUpperCase(), db, req.user.uid, studentIdentification);
-            if (sessionInfo) {
-                return sendSuccess(res, { ...sessionInfo, userId: req.user.uid });
+            const { code, studentIdentification } = req.body;
+            const db = getDatabase();
+            const delivery = await getDelivery(code.toUpperCase(), db);
+            // create a session based on the delivery.
+            // Create a unique code for the session to be able to restart the session and give it an unique id
+            if (!delivery) {
+                return sendError(res, 404, "Delivery not found");
+            }
+            const session = await createSessionForDelivery(db, req.user.uid, delivery);
+            const uppercaseCode = code.toUpperCase();
+            await cache.set(req.user.uid, uppercaseCode);
+            const fs = getFirestore();
+            await fs.doc(db.AUTH.DOC(req.user.uid)).set({
+                code: uppercaseCode,
+            });
+            if (session) {
+                return sendSuccess(res, session);
             }
             else {
                 return sendSuccess(res, null);
@@ -139,70 +166,76 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
         }
     });
     /**
-     * POST /feedback
-     * Endpoint to submit user feedback with optional screenshot
+     * @openapi
+     * /testsetSession/start:
+     *   post:
+     *     tags:
+     *       - Session
+     *     summary: Use to login by testset session code. Retrieves testset session with associated test sessions.
+     *     description: Checks if the provided testset session code is valid and retrieves the testset session information along with all associated test sessions.
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             required:
+     *               - code
+     *             properties:
+     *               code:
+     *                 type: string
+     *                 description: The testset session code.
+     *                 minLength: 1
+     *                 maxLength: 50
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved testset session information with associated test sessions or null if not found.
+     *       400:
+     *         description: Validation error
+     *       401:
+     *         description: Authentication failed
+     *       404:
+     *         description: Testset session not found
+     *       500:
+     *         description: Internal server error
      */
-    app.post("/feedback", [
-        heavyOperationLimit,
-        requireAuth,
-        imageUploadConfig.single("screenshot"),
-        body("type")
+    dataRouter.post("/testsetSession/start", [
+        generalRateLimit,
+        body("code")
             .isString()
             .trim()
             .isLength({ min: 1, max: 50 })
-            .withMessage("Type is required and must be between 1 and 50 characters"),
-        body("description")
-            .isString()
-            .trim()
-            .isLength({ min: 1, max: 2000 })
-            .withMessage("Description is required and must be between 1 and 2000 characters"),
-        body("feedbackId")
-            .isString()
-            .trim()
-            .isLength({ min: 1, max: 100 })
-            .withMessage("Feedback ID is required"),
-        body("email")
-            .optional()
-            .isEmail()
-            .withMessage("Must be a valid email address"),
-        body("pageUrl").optional().isURL().withMessage("Must be a valid URL"),
+            .withMessage("Testset session code must be between 1 and 50 characters"),
         handleValidationErrors,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { type, description, feedbackId, email, pageUrl } = req.body;
-            const userId = req.user.uid;
-            const file = req.file;
-            // Create feedback document in Firestore
-            const firestore = getFirestore();
-            const db = getDatabase(req.appId);
-            const firebaseDocPath = db.FEEDBACK.DOC(`${feedbackId}_${userId}`);
-            const feedbackRef = firestore.doc(firebaseDocPath);
-            await feedbackRef.set({
-                type,
-                description,
-                userId,
-                email: email || null,
-                pageUrl: pageUrl || null,
-                hasScreenshot: !!file,
-                createdAt: new Date().toISOString(),
-            });
-            // If there's a screenshot, upload it to Firebase Storage
-            if (file) {
-                const storage = getStorage();
-                const bucket = storage.bucket();
-                const storagePath = firebaseDocPath.replace(/^\//, "");
-                const storageFile = bucket.file(`${storagePath}.png`);
-                await storageFile.save(file.buffer, {
-                    metadata: {
-                        contentType: file.mimetype,
-                    },
-                });
+            const { code } = req.body;
+            const db = getDatabase();
+            const uppercaseCode = code.toUpperCase();
+            // Get the testset session with populated sessions
+            const result = await getTestsetSessionWithSessions(uppercaseCode, db, req.user.uid);
+            if (!result) {
+                return sendError(res, 404, "Testset session not found");
             }
-            return sendSuccess(res, undefined, "Feedback submitted successfully");
+            // Store the mapping between userId and testset session code
+            await cache.set(req.user.uid, {
+                code: uppercaseCode,
+                teacherId: result?.teacherId,
+                testsetId: result?.testsetId,
+                startableCodes: result?.sessionIds || [],
+            });
+            const fs = getFirestore();
+            await fs.doc(db.AUTH.DOC(req.user.uid)).set({
+                code: uppercaseCode,
+                teacherId: result?.teacherId,
+                testsetId: result?.testsetId,
+            });
+            return sendSuccess(res, result);
         }
         catch (error) {
-            console.error("Error submitting feedback:", error);
-            return sendError(res, 500, "Failed to submit feedback");
+            console.error("Error in testsetSession start:", error);
+            return sendError(res, 500, "Failed to start testset session");
         }
     });
     /**
@@ -240,7 +273,7 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
      *       500:
      *         description: Internal server error
      */
-    app.post("/student/log", [
+    dataRouter.post("/student/log", [
         generalRateLimit,
         body("type")
             .isString()
@@ -249,23 +282,23 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
             .withMessage("Type must be a string between 1-100 characters"),
         body("data").exists().withMessage("Data field is required"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
             const { type, data } = req.body;
-            const db = getDatabase(req.appId);
-            // Create log entry with timestamp and student ID
-            const logEntry = {
+            const db = getDatabase();
+            const { code, teacherId, deliveryId } = await getSessionInfoFromLoggedInUser(req);
+            let logEntry = {
+                createdAt: new Date().getTime(),
+                createdBy: req.user.uid,
                 type,
-                data,
-                timestamp: new Date().toISOString(),
-                studentId: req.user.uid,
-                appId: req.appId,
+                data: data,
             };
+            if (code) {
+                logEntry = { ...logEntry, code, teacherId, deliveryId };
+            }
             const firestore = getFirestore();
-            await firestore
-                .doc(db.STUDENT.LOG.DOC(req.user.uid, dateId()))
-                .set(logEntry);
+            await firestore.doc(db.SESSION.LOG.DOC(code, dateId())).set(logEntry);
             return sendSuccess(res, undefined, "Log entry created successfully");
         }
         catch (error) {
@@ -275,195 +308,166 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
     });
     /**
      * @openapi
-     * /assessment/checkCode:
+     * /student/log:
      *   post:
      *     tags:
-     *       - Session
-     *     summary: Use to login by code. The code is used to identify the assessment.
-     *     description: Checks if the provided assessment code is valid and retrieves session information for the student.
+     *       - Student
+     *     summary: Log student activity
+     *     description: Logs student activity data for debugging and analytics purposes.
      *     requestBody:
      *       required: true
      *       content:
      *         application/json:
      *           schema:
      *             type: object
+     *             required:
+     *               - type
+     *               - data
      *             properties:
-     *               code:
-     *                 type: string
-     *                 description: The assessment code.
-     *               identification:
+     *               type:
      *                 type: string
-     *                 description: Student identification.
+     *                 minLength: 1
+     *                 maxLength: 100
+     *                 description: The type/category of the log entry
+     *               data:
+     *                 description: Any data to be logged
      *     responses:
      *       200:
-     *         description: Successfully retrieved session information.
-     *       404:
-     *         description: Assessment not found
+     *         description: Successfully logged the data.
+     *       400:
+     *         description: Invalid request data
+     *       401:
+     *         description: Unauthorized
      *       500:
-     *         description: Error creating session
+     *         description: Internal server error
      */
-    app.post("/assessment/checkCode", [
+    dataRouter.post("/student/log", [
         generalRateLimit,
-        body("code")
-            .isString()
-            .trim()
-            .isLength({ min: 1, max: 50 })
-            .withMessage("Code is required"),
-        body("identification")
-            .optional()
+        body("type")
             .isString()
             .trim()
-            .isLength({ max: 100 }),
+            .isLength({ min: 1, max: 100 })
+            .withMessage("Type must be a string between 1-100 characters"),
+        body("data").exists().withMessage("Data field is required"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { code, identification } = req.body;
-            const db = getDatabase(req.appId);
-            const assessmentInfo = await checkAssessmentCode(db, code.toUpperCase());
-            if (!assessmentInfo) {
-                return sendError(res, 404, "Assessment not found");
-            }
-            if (assessmentInfo.isDemo) {
-                const demoInfo = {
-                    appId: req.appId,
-                    code,
-                    currentAssessmentId: assessmentInfo.assessmentId,
-                    sessions: [
-                        {
-                            assessmentId: assessmentInfo.assessmentId,
-                            assessmentName: assessmentInfo.name,
-                            sessionState: "not_started",
-                            packageId: assessmentInfo.packageId,
-                        },
-                    ],
-                    teacherId: assessmentInfo.teacherId || "general",
-                    isDemo: true,
-                };
-                return sendSuccess(res, demoInfo);
-            }
-            const studentInfo = await specificImplementation.createSessionInfoForStudent({
-                userId: req.user.uid,
-                assessmentId: assessmentInfo.assessmentId,
-                identification,
-                metadata: {
-                    isDemo: assessmentInfo.isDemo,
-                },
-            });
-            if (!studentInfo) {
-                return sendError(res, 500, "Error creating session");
-            }
-            return sendSuccess(res, studentInfo);
+            const { type, data } = req.body;
+            const db = getDatabase();
+            const { code, teacherId, deliveryId } = await getSessionInfoFromLoggedInUser(req);
+            const logEntry = {
+                createdAt: new Date().getTime(),
+                createdBy: req.user.uid,
+                type,
+                data: data && code ? { ...data, code, teacherId, deliveryId } : data,
+            };
+            const firestore = getFirestore();
+            await firestore.doc(db.SESSION.LOG.DOC(code, dateId())).set(logEntry);
+            return sendSuccess(res, undefined, "Log entry created successfully");
         }
         catch (error) {
-            console.error("Error in assessment checkCode:", error);
-            return sendError(res, 500, "Failed to check assessment code");
+            console.error("Error creating log entry:", error);
+            return sendError(res, 500, "Failed to create log entry");
         }
     });
     /**
      * @openapi
-     * /session/start:
-     *   post:
+     * /session/info:
+     *   get:
      *     tags:
      *       - Session
-     *     summary: Start a session
-     *     description: Starts a session for a student with the given assessment ID and identification.
+     *     summary: Get session info
+     *     description: Retrieves session information for the authenticated student.
      */
-    app.post("/session/start", [
-        generalRateLimit,
-        body("assessmentId")
-            .isString()
-            .trim()
-            .isLength({ min: 1 })
-            .withMessage("Assessment ID is required"),
-        body("identification").optional().isString().trim(),
-        body("metadata").optional().isObject(),
-        handleValidationErrors,
-        requireAuth,
-    ], async (req, res) => {
+    dataRouter.get("/session/info", [generalRateLimit, requireAuth], async (req, res) => {
         try {
-            const { metadata, assessmentId, identification } = req.body;
-            const db = getDatabase(req.appId);
-            const assessments = await getStartableAssessments(db);
-            const assessment = assessments.find((a) => a.assessmentId === assessmentId);
-            if (!assessment) {
-                return sendError(res, 404, "Assessment not found");
-            }
-            const validMetadata = metadata && typeof metadata === "object" ? metadata : undefined;
-            let sessionInfo = await specificImplementation.getSessionInfoForStudent(req.user.uid, assessmentId, identification);
-            const canStart = isStartable(assessment);
-            if (!sessionInfo && canStart) {
-                sessionInfo =
-                    await specificImplementation.createSessionInfoForStudent({
-                        userId: req.user.uid,
-                        identification,
-                        assessmentId: assessmentId,
-                        metadata: validMetadata,
-                    });
-            }
-            if ((sessionInfo && canStart) || sessionInfo?.isDemo) {
-                return sendSuccess(res, { ...sessionInfo, userId: req.user.uid });
+            const { code } = await getSessionInfoFromLoggedInUser(req);
+            const fs = getFirestore();
+            const db = getDatabase();
+            const sessionRef = fs.doc(db.SESSION.DOC(code));
+            const sessionSnapshot = await sessionRef.get();
+            const session = sessionSnapshot.exists
+                ? sessionSnapshot.data()
+                : null;
+            if (session) {
+                return sendSuccess(res, session);
             }
             else {
-                return sendSuccess(res, null);
+                return sendError(res, 404, "Session not found");
             }
         }
         catch (error) {
-            console.error("Error starting session:", error);
-            return sendError(res, 500, "Failed to start session");
+            console.error("Error getting session info:", error);
+            return sendError(res, 500, "Failed to get session info");
         }
     });
     /**
      * @openapi
-     * /session/info:
+     * /testsetSession/info:
      *   get:
      *     tags:
      *       - Session
-     *     summary: Get session info
-     *     description: Retrieves session information for the authenticated student.
+     *     summary: Get testset session info
+     *     description: Retrieves testset session information with associated test sessions for the authenticated student.
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved testset session information with associated test sessions.
+     *       401:
+     *         description: Authentication failed
+     *       404:
+     *         description: Testset session not found
+     *       500:
+     *         description: Internal server error
      */
-    app.get("/session/info", [generalRateLimit, requireAuth], async (req, res) => {
+    dataRouter.get("/testsetSession/info", [generalRateLimit, requireAuth], async (req, res) => {
         try {
-            const assessmentId = getAssessmentId(req);
-            const identification = getName(req);
-            const sessionInfo = await specificImplementation.getSessionInfoForStudent(req.user.uid, assessmentId, identification);
-            if (sessionInfo) {
-                return sendSuccess(res, sessionInfo);
+            const db = getDatabase();
+            const { code: uppercaseCode } = await getSessionInfoFromLoggedInUser(req);
+            if (!uppercaseCode) {
+                return sendError(res, 404, "No active session found for user");
             }
-            else {
-                return sendError(res, 404, "Session not found");
+            // Get the testset session with populated sessions
+            const result = await getTestsetSessionWithSessions(uppercaseCode, db, req.user.uid);
+            if (!result) {
+                return sendError(res, 404, "Testset session not found");
             }
+            return sendSuccess(res, result);
         }
         catch (error) {
-            console.error("Error getting session info:", error);
-            return sendError(res, 500, "Failed to get session info");
+            console.error("Error getting testset session info:", error);
+            return sendError(res, 500, "Failed to get testset session info");
         }
     });
     /**
      * @openapi
-     * /session/{assessmentId}/context:
+     * /session/{code}/context:
      *   get:
      *     tags:
      *       - Session
      *     summary: Get session context
-     *     description: Retrieves session context for a specific assessment.
+     *     description: Retrieves session context for a specific session.
      */
-    app.get("/session/:assessmentId/context", [
+    dataRouter.get("/session/:code/context", [
         generalRateLimit,
-        param("assessmentId")
+        param("code")
             .isString()
             .trim()
             .isLength({ min: 1 })
-            .withMessage("Assessment ID is required"),
+            .withMessage("Session code is required"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { assessmentId } = req.params;
-            const db = getDatabase(req.appId);
-            const code = await specificImplementation.getCodeByUserId(req.user.uid, assessmentId);
+            const { code } = req.params;
+            const db = getDatabase();
+            const uppercaseCode = code.toUpperCase();
+            const { startableCodes } = await getSessionInfoFromLoggedInUser(req);
+            if (!startableCodes.includes(uppercaseCode)) {
+                return sendError(res, 403, "Code mismatch");
+            }
             const firestore = getFirestore();
-            const sessionRef = firestore.doc(db.STUDENT.SESSION.DOC(code, assessmentId));
+            const sessionRef = firestore.doc(db.SESSION.TEST_CONTEXT(code));
             const context = await sessionRef.get();
             return sendSuccess(res, context.exists ? context.data() : null);
         }
@@ -474,34 +478,38 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
     });
     /**
      * @openapi
-     * /session/{assessmentId}/context:
+     * /session/{code}/context:
      *   post:
      *     tags:
      *       - Session
      *     summary: Update session context
      *     description: Updates session context for a specific assessment.
      */
-    app.post("/session/:assessmentId/context", [
+    dataRouter.post("/session/:code/context", [
         generalRateLimit,
-        param("assessmentId")
+        param("code")
             .isString()
             .trim()
             .isLength({ min: 1 })
-            .withMessage("Assessment ID is required"),
+            .withMessage("code is required"),
         body("state").optional().isString(),
         body("items").optional().isArray(),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { assessmentId } = req.params;
+            const { code: routeCode } = req.params;
             const testContext = req.body;
-            const db = getDatabase(req.appId);
-            const code = await specificImplementation.getCodeByUserId(req.user.uid, assessmentId);
-            const cacheKey = `test-context-${req.appId}-${code}-${assessmentId}`;
-            let previousState = cache.get(cacheKey);
+            const db = getDatabase();
+            const code = routeCode.toUpperCase();
+            const { code: codeRetrievedFromUser, teacherId, deliveryId, startableCodes, } = await getSessionInfoFromLoggedInUser(req);
+            if (!startableCodes.includes(code)) {
+                return sendError(res, 403, "Code mismatch");
+            }
+            const sessionKey = `test-context-${code}`;
+            let previousState = cache.get(sessionKey);
             const firestore = getFirestore();
-            const sessionRef = firestore.doc(db.STUDENT.SESSION.DOC(code, assessmentId));
+            const sessionRef = firestore.doc(db.SESSION.TEST_CONTEXT(code));
             if (!previousState) {
                 const previousContext = await sessionRef.get();
                 if (previousContext.exists) {
@@ -511,14 +519,22 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
             }
             const batch = firestore.batch();
             if (previousState !== testContext.state) {
-                cache.set(cacheKey, testContext.state, 60 * 60 * 1000); // 1 hour
-                const teacherId = await getTeacherIdByCode(db, code);
+                cache.set(sessionKey, testContext.state, 60 * 60 * 1000); // 1 hour
+                const teacherId = await getTeacherIdBySessionCode(code);
                 if (!teacherId) {
                     return sendError(res, 404, "Teacher not found for this code");
                 }
+                // Get session to extract assessmentId
+                const sessionDocRef = firestore.doc(db.SESSION.DOC(code));
+                const sessionDoc = await sessionDocRef.get();
+                const session = sessionDoc.data();
+                const assessmentId = session?.assessmentId;
+                if (!assessmentId) {
+                    return sendError(res, 404, "Assessment ID not found for this session");
+                }
                 await Promise.all([
-                    specificImplementation.testContextToTeacher(code, assessmentId, testContext, batch),
-                    updateStudentSessionState(db, code, assessmentId, testContext?.state ?? "not_started", batch),
+                    specificImplementation.testContextToTeacher(code, assessmentId, deliveryId, teacherId, testContext, batch),
+                    updateSessionState(db, code, testContext?.state ?? "not_started", batch),
                     specificImplementation.updateItemStats(teacherId, assessmentId, code, testContext.items, "teacher", batch),
                 ]);
             }
@@ -531,53 +547,235 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
             return sendError(res, 500, "Failed to update session context");
         }
     });
+    const getSessionInfoFromLoggedInUser = async (req) => {
+        if (cache.get(req.user.uid)) {
+            return cache.get(req.user.uid);
+        }
+        const db = getDatabase();
+        const fs = getFirestore();
+        const sessionRef = fs.doc(db.AUTH.DOC(req.user.uid));
+        const data = await sessionRef.get().then((doc) => doc.data());
+        const { code, teacherId, deliveryId, testsetId } = data || {};
+        // Build list of startable codes
+        const startableCodes = [];
+        // If we have a code from sessionRef, add it to startable codes
+        if (code) {
+            startableCodes.push(code);
+        }
+        // If no session found in sessionRef, check testsetsessions using testsetId
+        if (testsetId) {
+            try {
+                const testsetSession = await getTestsetSessions(code, db);
+                if (testsetSession && testsetSession.sessionIds) {
+                    startableCodes.push(...testsetSession.sessionIds);
+                }
+            }
+            catch (error) {
+                console.error("Error fetching testset sessions:", error);
+            }
+        }
+        const result = { code, teacherId, deliveryId, testsetId, startableCodes };
+        cache.set(req.user.uid, result);
+        return result;
+    };
+    const getTeacherIdBySessionCode = async (code) => {
+        if (cache.get(code)) {
+            return cache.get(code);
+        }
+        const db = getDatabase();
+        const fs = getFirestore();
+        const sessionRef = fs.doc(db.SESSION.DOC(code));
+        const sessionDoc = await sessionRef.get();
+        const teacherId = sessionDoc.data()?.teacherId;
+        cache.set(code, teacherId);
+        return teacherId;
+    };
     /**
      * @openapi
-     * /session/{assessmentId}/sessionState:
-     *   post:
+     * /session/{code}/update:
+     *   put:
      *     tags:
      *       - Session
-     *     summary: Update session state
-     *     description: Updates the session state for a specific session.
+     *     summary: Update student session information
+     *     description: Updates specific fields of a student session.
+     *     parameters:
+     *       - in: path
+     *         name: code
+     *         required: true
+     *         schema:
+     *           type: string
+     *         description: The session code
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             description: Partial session data to update
+     *     responses:
+     *       200:
+     *         description: Successfully updated session information.
+     *       403:
+     *         description: Code mismatch
+     *       500:
+     *         description: Internal server error
      */
-    app.post("/session/:assessmentId/sessionState", [
+    dataRouter.put("/session/:code/update", [
         generalRateLimit,
-        param("assessmentId")
+        param("code")
             .isString()
             .trim()
             .isLength({ min: 1 })
-            .withMessage("Assessment ID is required"),
-        body("sessionState")
+            .withMessage("Session code is required"),
+        handleValidationErrors,
+        requireAuthType("student"),
+    ], async (req, res) => {
+        try {
+            const { code } = req.params;
+            const data = req.body;
+            const db = getDatabase();
+            const uppercaseCode = code.toUpperCase();
+            const { code: codeRetrievedFromUser, startableCodes } = await getSessionInfoFromLoggedInUser(req);
+            if (!startableCodes.includes(uppercaseCode)) {
+                return sendError(res, 403, "Code mismatch");
+            }
+            const firestore = getFirestore();
+            const sessionRef = firestore.doc(db.SESSION.DOC(uppercaseCode));
+            await sessionRef.update(data);
+            return sendSuccess(res, undefined, "Session updated successfully");
+        }
+        catch (error) {
+            console.error("Error updating session:", error);
+            return sendError(res, 500, "Failed to update session");
+        }
+    });
+    /**
+     * @openapi
+     * /assessment/code/{code}:
+     *   get:
+     *     tags:
+     *       - Assessment
+     *     summary: Get assessment by code
+     *     description: Retrieves assessment information by code.
+     *     parameters:
+     *       - in: path
+     *         name: code
+     *         required: true
+     *         schema:
+     *           type: string
+     *         description: The assessment code
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved assessment information.
+     *       404:
+     *         description: Assessment not found
+     *       500:
+     *         description: Internal server error
+     */
+    dataRouter.get("/assessment/code/:code", [
+        generalRateLimit,
+        param("code")
             .isString()
             .trim()
             .isLength({ min: 1 })
-            .withMessage("Session state is required"),
+            .withMessage("Assessment code is required"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
-            const { assessmentId } = req.params;
-            const { sessionState } = req.body;
-            const db = getDatabase(req.appId);
-            const code = await specificImplementation.getCodeByUserId(req.user.uid, assessmentId);
-            const firestore = getFirestore();
-            const batch = firestore.batch();
-            await updateStudentSessionState(db, code, assessmentId, sessionState, batch);
-            const teacherId = await getTeacherIdByCode(db, code);
-            if (!teacherId) {
-                return sendError(res, 404, "Teacher not found for this code");
-            }
-            const studentSessions = await getPlannedStudent(db, teacherId, code);
-            const session = studentSessions.sessions.find((s) => s.assessmentId === assessmentId);
-            if (session) {
-                await specificImplementation.updatePlannedSession(teacherId, code, { ...session, sessionState }, batch);
+            const { code } = req.params;
+            const db = getDatabase();
+            // This would need to be implemented based on your database structure
+            // For now, returning a placeholder implementation
+            return sendError(res, 501, "Assessment by code endpoint not yet implemented");
+        }
+        catch (error) {
+            console.error("Error getting assessment by code:", error);
+            return sendError(res, 500, "Failed to get assessment");
+        }
+    });
+    /**
+     * @openapi
+     * /currentUser:
+     *   get:
+     *     tags:
+     *       - User
+     *     summary: Get current user information
+     *     description: Retrieves information about the currently authenticated user.
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved user information.
+     *       401:
+     *         description: Unauthorized
+     *       500:
+     *         description: Internal server error
+     */
+    dataRouter.get("/currentUser", [generalRateLimit, requireAuth], async (req, res) => {
+        try {
+            // Return basic user info from the authenticated request
+            const userInfo = {
+                userId: req.user.uid,
+                // Add other user properties as needed
+            };
+            return sendSuccess(res, userInfo);
+        }
+        catch (error) {
+            console.error("Error getting current user:", error);
+            return sendError(res, 500, "Failed to get current user");
+        }
+    });
+    /**
+     * @openapi
+     * /session/{code}/score:
+     *   post:
+     *     tags:
+     *       - Session
+     *     summary: Score items in a session
+     *     description: Scores all items in a session and returns the updated test context.
+     *     parameters:
+     *       - in: path
+     *         name: code
+     *         required: true
+     *         schema:
+     *           type: string
+     *         description: The session code
+     *     responses:
+     *       200:
+     *         description: Successfully scored items and returned test context.
+     *       403:
+     *         description: Code mismatch
+     *       500:
+     *         description: Internal server error
+     */
+    dataRouter.post("/session/:code/score", [
+        generalRateLimit,
+        param("code")
+            .isString()
+            .trim()
+            .isLength({ min: 1 })
+            .withMessage("Session code is required"),
+        handleValidationErrors,
+        requireAuthType("student"),
+    ], async (req, res) => {
+        try {
+            const { code } = req.params;
+            const db = getDatabase();
+            const uppercaseCode = code.toUpperCase();
+            const { code: codeRetrievedFromUser, startableCodes } = await getSessionInfoFromLoggedInUser(req);
+            if (!startableCodes.includes(uppercaseCode)) {
+                return sendError(res, 403, "Code mismatch");
             }
-            await batch.commit();
-            return sendSuccess(res, undefined, "Session state updated successfully");
+            // This would need to implement the scoring logic
+            // For now, returning a placeholder implementation
+            const firestore = getFirestore();
+            const sessionRef = firestore.doc(db.SESSION.DOC(uppercaseCode));
+            const sessionDoc = await sessionRef.get();
+            const testContext = sessionDoc.data();
+            return sendSuccess(res, testContext);
         }
         catch (error) {
-            console.error("Error updating session state:", error);
-            return sendError(res, 500, "Failed to update session state");
+            console.error("Error scoring items:", error);
+            return sendError(res, 500, "Failed to score items");
         }
     });
     /**
@@ -586,37 +784,187 @@ export function addQtiDataEndpoints(app, specificImplementation = new BaseImplem
      *   post:
      *     tags:
      *       - Session
-     *     summary: Log session data
-     *     description: Logs session data for a specific assessment.
+     *     summary: Log action for a session
+     *     description: Logs an action with payload for a specific session.
+     *     parameters:
+     *       - in: path
+     *         name: assessmentId
+     *         required: true
+     *         schema:
+     *           type: string
+     *         description: The session/assessment identifier
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             properties:
+     *               type:
+     *                 type: string
+     *                 description: The action type
+     *               payload:
+     *                 description: The action payload
+     *               time:
+     *                 type: string
+     *                 description: The timestamp
+     *               createdBy:
+     *                 type: string
+     *                 description: User ID who created the log
+     *     responses:
+     *       200:
+     *         description: Successfully logged the action.
+     *       500:
+     *         description: Internal server error
      */
-    app.post("/session/:assessmentId/log", [
+    dataRouter.post("/session/:assessmentId/log", [
         generalRateLimit,
         param("assessmentId")
             .isString()
             .trim()
             .isLength({ min: 1 })
             .withMessage("Assessment ID is required"),
-        body("logData").isObject().withMessage("Log data must be an object"),
+        body("type")
+            .isString()
+            .trim()
+            .isLength({ min: 1 })
+            .withMessage("Type is required"),
         handleValidationErrors,
-        requireAuth,
+        requireAuthType("student"),
     ], async (req, res) => {
         try {
             const { assessmentId } = req.params;
-            const db = getDatabase(req.appId);
-            const code = await specificImplementation.getCodeByUserId(req.user.uid, assessmentId);
+            const { type, payload, time, createdBy } = req.body;
+            const db = getDatabase();
+            const logEntry = {
+                type,
+                payload,
+                time: time || dateId(),
+                createdBy: createdBy || req.user.uid,
+                createdAt: new Date().getTime(),
+            };
             const firestore = getFirestore();
-            const sessionRef = firestore.doc(db.STUDENT.SESSION.LOG(code, assessmentId, dateId()));
-            await sessionRef.set({
-                ...req.body,
-                timestamp: new Date().toISOString(),
-                userId: req.user.uid,
-            });
-            return sendSuccess(res, undefined, "Log data saved successfully");
+            await firestore
+                .doc(db.SESSION.LOG.DOC(assessmentId, logEntry.time))
+                .set(logEntry);
+            return sendSuccess(res, undefined, "Action logged successfully");
+        }
+        catch (error) {
+            console.error("Error logging action:", error);
+            return sendError(res, 500, "Failed to log action");
+        }
+    });
+    /**
+     * @openapi
+     * /checkCode:
+     *   post:
+     *     tags:
+     *       - Session
+     *     summary: Check if a code is valid and get session info
+     *     description: Checks if the provided code is valid and retrieves session information.
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             properties:
+     *               code:
+     *                 type: string
+     *                 description: The session code.
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved session information or null if not found.
+     *       500:
+     *         description: Internal server error
+     */
+    dataRouter.post("/checkCode", [
+        generalRateLimit,
+        body("code")
+            .isString()
+            .trim()
+            .isLength({ min: 1, max: 50 })
+            .withMessage("Code must be between 1 and 50 characters"),
+        handleValidationErrors,
+        requireAuthType("student"),
+    ], async (req, res) => {
+        try {
+            const { code } = req.body;
+            const db = getDatabase();
+            const sessionInfo = await getSession(code.toUpperCase(), db, req.user.uid);
+            return sendSuccess(res, sessionInfo);
+        }
+        catch (error) {
+            console.error("Error in checkCode:", error);
+            return sendError(res, 500, "Failed to check code");
+        }
+    });
+    /**
+     * @openapi
+     * /feedback:
+     *   post:
+     *     tags:
+     *       - Student
+     *     summary: Submit student feedback
+     *     description: Endpoint for students to submit feedback with optional screenshot
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         multipart/form-data:
+     *           schema:
+     *             type: object
+     *             required:
+     *               - type
+     *               - description
+     *               - feedbackId
+     *             properties:
+     *               type:
+     *                 type: string
+     *                 description: Type of feedback
+     *               description:
+     *                 type: string
+     *                 description: Feedback description
+     *               feedbackId:
+     *                 type: string
+     *                 description: Unique feedback identifier
+     *               email:
+     *                 type: string
+     *                 description: User email (optional)
+     *               pageUrl:
+     *                 type: string
+     *                 description: URL of the page where feedback was submitted
+     *               screenshot:
+     *                 type: string
+     *                 format: binary
+     *                 description: Optional screenshot file
+     *     responses:
+     *       200:
+     *         description: Feedback submitted successfully
+     *       400:
+     *         description: Missing required fields or validation error
+     *       401:
+     *         description: Authentication required
+     *       500:
+     *         description: Server error
+     */
+    dataRouter.post("/feedback", [generalRateLimit, requireAuthType("student")], async (req, res) => {
+        try {
+            const userId = req.user.uid;
+            const { data, fileBuffer } = await processFeedbackSubmission(req);
+            // Validate the feedback data
+            const validationError = validateFeedbackData(data);
+            if (validationError) {
+                return sendError(res, 400, validationError);
+            }
+            // Save feedback with student user type
+            await saveFeedback(data, userId, 'student', fileBuffer);
+            return sendSuccess(res, undefined, "Feedback submitted successfully");
         }
         catch (error) {
-            console.error("Error logging session data:", error);
-            return sendError(res, 500, "Failed to log session data");
+            console.error("Error submitting student feedback:", error);
+            return sendError(res, 500, "An unexpected error occurred");
         }
     });
+    app.use("/", dataRouter);
 }
 //# sourceMappingURL=qti-data.js.map