@studious-lms/server 1.1.2 → 1.1.4

package/src/index.ts

@@ -9,6 +9,7 @@ import { appRouter } from './routers/_app.js';
 import { createTRPCContext, createCallerFactory } from './trpc.js';
 import { logger } from './utils/logger.js';
 import { setupSocketHandlers } from './socket/handlers.js';
+import { bucket } from './lib/googleCloudStorage.js';
 
 dotenv.config();
 
@@ -16,10 +17,55 @@ const app = express();
 
 // CORS middleware
 app.use(cors({
-  origin: [process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000', 'http://localhost:3000'],
+  origin: [
+    'http://localhost:3000',  // Frontend development server
+    'http://localhost:3001',  // Server port
+    'http://127.0.0.1:3000',  // Alternative localhost
+    'http://127.0.0.1:3001',  // Alternative localhost
+    process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+  ],
   credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'x-user'],
+  optionsSuccessStatus: 200
 }));
 
+// Handle preflight OPTIONS requests
+app.options('*', (req, res) => {
+  const allowedOrigins = [
+    'http://localhost:3000',
+    'http://localhost:3001', 
+    'http://127.0.0.1:3000',
+    'http://127.0.0.1:3001',
+    process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+  ];
+  
+  const origin = req.headers.origin;
+  if (origin && allowedOrigins.includes(origin)) {
+    res.header('Access-Control-Allow-Origin', origin);
+  } else {
+    res.header('Access-Control-Allow-Origin', 'http://localhost:3000');
+  }
+  
+  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, x-user');
+  res.header('Access-Control-Allow-Credentials', 'true');
+  res.sendStatus(200);
+});
+
+// CORS debugging middleware
+app.use((req, res, next) => {
+  if (req.method === 'OPTIONS' || req.path.includes('trpc')) {
+    logger.info('CORS Request', {
+      method: req.method,
+      path: req.path,
+      origin: req.headers.origin,
+      userAgent: req.headers['user-agent']
+    });
+  }
+  next();
+});
+
 // Response time logging middleware
 app.use((req, res, next) => {
   const start = Date.now();
@@ -41,10 +87,16 @@ const httpServer = createServer(app);
 // Setup Socket.IO
 const io = new Server(httpServer, {
   cors: {
-    origin: process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000',
-    methods: ['GET', 'POST'],
+    origin: [
+      'http://localhost:3000',  // Frontend development server
+      'http://localhost:3001',  // Server port
+      'http://127.0.0.1:3000',  // Alternative localhost
+      'http://127.0.0.1:3001',  // Alternative localhost
+      process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+    ],
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
     credentials: true,
-    allowedHeaders: ['Access-Control-Allow-Origin']
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'Access-Control-Allow-Origin', 'x-user']
   },
   transports: ['websocket', 'polling'],
   pingTimeout: 60000,
@@ -62,6 +114,50 @@ io.engine.on('connection_error', (err: Error) => {
 // Setup socket handlers
 setupSocketHandlers(io);
 
+// File serving endpoint for secure file access
+app.get('/api/files/:filePath', async (req, res) => {
+  try {
+    const filePath = decodeURIComponent(req.params.filePath);
+    console.log('File request:', { filePath, originalPath: req.params.filePath });
+    
+    // Get file from Google Cloud Storage
+    const file = bucket.file(filePath);
+    const [exists] = await file.exists();
+    
+    console.log('File exists:', exists, 'for path:', filePath);
+    
+    if (!exists) {
+      return res.status(404).json({ error: 'File not found', filePath });
+    }
+    
+    // Get file metadata
+    const [metadata] = await file.getMetadata();
+    
+    // Set appropriate headers
+    res.set({
+      'Content-Type': metadata.contentType || 'application/octet-stream',
+      'Content-Length': metadata.size,
+      'Cache-Control': 'public, max-age=31536000', // 1 year cache
+      'ETag': metadata.etag,
+    });
+    
+    // Stream file to response
+    const stream = file.createReadStream();
+    stream.pipe(res);
+    
+    stream.on('error', (error) => {
+      console.error('Error streaming file:', error);
+      if (!res.headersSent) {
+        res.status(500).json({ error: 'Error streaming file' });
+      }
+    });
+    
+  } catch (error) {
+    console.error('Error serving file:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
 // Create caller
 const createCaller = createCallerFactory(appRouter);
 
@@ -91,4 +187,15 @@ logger.info('Configurations', {
   PORT: process.env.PORT,
   NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL,
   LOG_MODE: process.env.LOG_MODE,
+});
+
+// Log CORS configuration
+logger.info('CORS Configuration', {
+  allowedOrigins: [
+    'http://localhost:3000',
+    'http://localhost:3001', 
+    'http://127.0.0.1:3000',
+    'http://127.0.0.1:3001',
+    process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+  ]
 });

package/src/lib/fileUpload.ts

@@ -11,6 +11,13 @@ export interface FileData {
   data: string; // base64 encoded file data
 }
 
+export interface DirectFileData {
+  name: string;
+  type: string;
+  size: number;
+  // No data field - for direct file uploads
+}
+
 export interface UploadedFile {
   id: string;
   name: string;
@@ -35,8 +42,25 @@ export async function uploadFile(
   assignmentId?: string
 ): Promise<UploadedFile> {
   try {
+    // Validate file extension matches MIME type
+    const fileExtension = file.name.split('.').pop()?.toLowerCase();
+    const mimeType = file.type.toLowerCase();
+    
+    const extensionMimeMap: Record<string, string[]> = {
+      'jpg': ['image/jpeg'],
+      'jpeg': ['image/jpeg'],
+      'png': ['image/png'],
+      'gif': ['image/gif'],
+      'webp': ['image/webp']
+    };
+    
+    if (fileExtension && extensionMimeMap[fileExtension]) {
+      if (!extensionMimeMap[fileExtension].includes(mimeType)) {
+        throw new Error(`File extension .${fileExtension} does not match MIME type ${mimeType}`);
+      }
+    }
+    
     // Create a unique filename
-    const fileExtension = file.name.split('.').pop();
     const uniqueFilename = `${uuidv4()}.${fileExtension}`;
     
   //   // Construct the full path
@@ -50,9 +74,10 @@ export async function uploadFile(
   //   // Generate and store thumbnail if supported
     let thumbnailId: string | undefined;
     try {
-  //     // Convert base64 to buffer for thumbnail generation
-      const base64Data = file.data.split(',')[1];
-      const fileBuffer = Buffer.from(base64Data, 'base64');
+  //         // Convert base64 to buffer for thumbnail generation
+    // Handle both data URI format (data:image/jpeg;base64,...) and raw base64
+    const base64Data = file.data.includes(',') ? file.data.split(',')[1] : file.data;
+    const fileBuffer = Buffer.from(base64Data, 'base64');
       
   //     // Generate thumbnail directly from buffer
       const thumbnailBuffer = await generateMediaThumbnail(fileBuffer, file.type);
@@ -79,6 +104,7 @@ export async function uploadFile(
       }
     } catch (error) {
       console.warn('Failed to generate thumbnail:', error);
+      // Continue without thumbnail - this is not a critical failure
     }
     
     // Create file record in database

package/src/lib/googleCloudStorage.ts

@@ -1,3 +1,5 @@
+import dotenv from 'dotenv';
+dotenv.config();
 import { Storage } from '@google-cloud/storage';
 import { TRPCError } from '@trpc/server';
 
@@ -9,7 +11,7 @@ const storage = new Storage({
   },
 });
 
-const bucket = storage.bucket(process.env.GOOGLE_CLOUD_BUCKET_NAME || '');
+export const bucket = storage.bucket(process.env.GOOGLE_CLOUD_BUCKET_NAME!);
 
 // Short expiration time for signed URLs (5 minutes)
 const SIGNED_URL_EXPIRATION = 5 * 60 * 1000;
@@ -60,13 +62,20 @@ export async function uploadFile(
  * @param filePath The path of the file in the bucket
  * @returns The signed URL
  */
-export async function getSignedUrl(filePath: string): Promise<string> {
+export async function getSignedUrl(filePath: string, action: 'read' | 'write' = 'read', contentType?: string): Promise<string> {
   try {
-    const [url] = await bucket.file(filePath).getSignedUrl({
+    const options: any = {
       version: 'v4',
-      action: 'read',
+      action: action,
       expires: Date.now() + SIGNED_URL_EXPIRATION,
-    });
+    };
+
+    // For write operations, add content type if provided
+    if (action === 'write' && contentType) {
+      options.contentType = contentType;
+    }
+
+    const [url] = await bucket.file(filePath).getSignedUrl(options);
     return url;
   } catch (error) {
     console.error('Error getting signed URL:', error);

package/src/routers/assignment.ts

@@ -75,6 +75,7 @@ const updateSubmissionSchema = z.object({
   newAttachments: z.array(fileSchema).optional(),
   existingFileIds: z.array(z.string()).optional(),
   removedAttachments: z.array(z.string()).optional(),
+  feedback: z.string().optional(),
   rubricGrades: z.array(z.object({
     criteriaId: z.string(),
     selectedLevelId: z.string(),
@@ -1130,7 +1131,7 @@ export const assignmentRouter = createTRPCRouter({
         });
       }
 
-      const { submissionId, return: returnSubmission, gradeReceived, newAttachments, existingFileIds, removedAttachments, rubricGrades } = input;
+      const { submissionId, return: returnSubmission, gradeReceived, newAttachments, existingFileIds, removedAttachments, rubricGrades, feedback } = input;
 
       const submission = await prisma.submission.findFirst({
         where: {
@@ -1285,6 +1286,7 @@ export const assignmentRouter = createTRPCRouter({
         data: {
           ...(gradeReceived !== undefined && { gradeReceived }),
           ...(rubricGrades && { rubricState: JSON.stringify(rubricGrades) }),
+          ...(feedback && { teacherComments: feedback }),
           ...(removedAttachments && removedAttachments.length > 0 && {
             annotations: {
               deleteMany: {
@@ -1292,6 +1294,7 @@ export const assignmentRouter = createTRPCRouter({
               },
             },
           }),
+          ...(returnSubmission as unknown as boolean && { returned: returnSubmission }),
         },
         include: {
           attachments: {
@@ -1746,6 +1749,45 @@ export const assignmentRouter = createTRPCRouter({
         },
       });
 
+      return updatedAssignment;
+    }),
+  detachGradingBoundary: protectedTeacherProcedure
+    .input(z.object({
+      classId: z.string(),
+      assignmentId: z.string(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const { assignmentId } = input;
+
+      const assignment = await prisma.assignment.findFirst({
+        where: {
+          id: assignmentId,
+        },
+      });
+
+      if (!assignment) {
+        throw new TRPCError({
+          code: "NOT_FOUND",
+          message: "Assignment not found",
+        });
+      }
+
+      const updatedAssignment = await prisma.assignment.update({
+        where: { id: assignmentId },
+        data: {
+          gradingBoundary: {
+            disconnect: true,
+          },
+        },
+        include: {
+          attachments: true,
+          section: true,
+          teacher: true,
+          eventAttached: true,
+          gradingBoundary: true,
+        },
+      });
+
       return updatedAssignment;
     }),
 });

package/src/routers/folder.ts

@@ -182,6 +182,7 @@ export const folderRouter = createTRPCRouter({
             select: {
               id: true,
               name: true,
+              color: true,
               _count: {
                 select: {
                   files: true,

package/src/routers/user.ts

@@ -3,17 +3,58 @@ import { createTRPCRouter, protectedProcedure } from "../trpc.js";
 import { TRPCError } from "@trpc/server";
 import { prisma } from "../lib/prisma.js";
 import { uploadFiles, type UploadedFile } from "../lib/fileUpload.js";
+import { getSignedUrl } from "../lib/googleCloudStorage.js";
+import { logger } from "../utils/logger.js";
+import { bucket } from "../lib/googleCloudStorage.js";
 
-const fileSchema = z.object({
-  name: z.string(),
-  type: z.string(),
-  size: z.number(),
-  data: z.string(), // base64 encoded file data
+// Helper function to convert file path to backend proxy URL
+function getFileUrl(filePath: string | null): string | null {
+  if (!filePath) return null;
+  
+  // If it's already a full URL (DiceBear or external), return as is
+  if (filePath.startsWith('http')) {
+    return filePath;
+  }
+  
+  // Convert GCS path to full backend proxy URL
+  const backendUrl = process.env.BACKEND_URL || 'http://localhost:3001';
+  return `${backendUrl}/api/files/${encodeURIComponent(filePath)}`;
+}
+
+// For direct file uploads (file already uploaded to GCS)
+const fileUploadSchema = z.object({
+  filePath: z.string().min(1, "File path is required"),
+  fileName: z.string().min(1, "File name is required"),
+  fileType: z.string().regex(/^image\/(jpeg|jpg|png|gif|webp)$/i, "Only image files (JPEG, PNG, GIF, WebP) are allowed"),
+  fileSize: z.number().max(5 * 1024 * 1024, "File size must be less than 5MB"),
+});
+
+// For DiceBear avatar URL
+const dicebearSchema = z.object({
+  url: z.string().url("Invalid DiceBear avatar URL"),
+});
+
+const profileSchema = z.object({
+  displayName: z.string().nullable().optional().transform(val => val === null ? undefined : val),
+  bio: z.string().nullable().optional().transform(val => val === null ? undefined : val),
+  location: z.string().nullable().optional().transform(val => val === null ? undefined : val),
+  website: z.union([
+    z.string().url(),
+    z.literal(""),
+    z.null().transform(() => undefined)
+  ]).optional(),
 });
 
 const updateProfileSchema = z.object({
-  profile: z.record(z.any()),
-  profilePicture: fileSchema.optional(),
+  profile: profileSchema.optional(),
+  // Support both custom file upload and DiceBear avatar
+  profilePicture: fileUploadSchema.optional(),
+  dicebearAvatar: dicebearSchema.optional(),
+});
+
+const getUploadUrlSchema = z.object({
+  fileName: z.string().min(1, "File name is required"),
+  fileType: z.string().regex(/^image\/(jpeg|jpg|png|gif|webp)$/i, "Only image files are allowed"),
 });
 
 export const userRouter = createTRPCRouter({
@@ -31,7 +72,6 @@ export const userRouter = createTRPCRouter({
         select: {
           id: true,
           username: true,
-          profile: true,
         },
       });
 
@@ -42,7 +82,30 @@ export const userRouter = createTRPCRouter({
         });
       }
 
-      return user;
+      // Get user profile separately
+      const userProfile = await prisma.userProfile.findUnique({
+        where: { userId: ctx.user.id },
+      });
+
+      return {
+        id: user.id,
+        username: user.username,
+        profile: userProfile ? {
+          displayName: (userProfile as any).displayName || null,
+          bio: (userProfile as any).bio || null,
+          location: (userProfile as any).location || null,
+          website: (userProfile as any).website || null,
+          profilePicture: getFileUrl((userProfile as any).profilePicture),
+          profilePictureThumbnail: getFileUrl((userProfile as any).profilePictureThumbnail),
+        } : {
+          displayName: null,
+          bio: null,
+          location: null,
+          website: null,
+          profilePicture: null,
+          profilePictureThumbnail: null,
+        },
+      };
     }),
 
   updateProfile: protectedProcedure
@@ -55,28 +118,140 @@ export const userRouter = createTRPCRouter({
         });
       }
 
-      let uploadedFiles: UploadedFile[] = [];
+      // Get current profile to clean up old profile picture
+      const currentProfile = await prisma.userProfile.findUnique({
+        where: { userId: ctx.user.id },
+      });
+
+      let profilePictureUrl: string | null = null;
+      let profilePictureThumbnail: string | null = null;
+
+      // Handle custom profile picture (already uploaded to GCS)
       if (input.profilePicture) {
-        // Store profile picture in a user-specific directory
-        uploadedFiles = await uploadFiles([input.profilePicture], ctx.user.id, `users/${ctx.user.id}/profile`);
-        
-        // Add profile picture path to profile data
-        input.profile.profilePicture = uploadedFiles[0].path;
-        input.profile.profilePictureThumbnail = uploadedFiles[0].thumbnailId;
+        try {
+          // File is already uploaded to GCS, just use the path
+          profilePictureUrl = input.profilePicture.filePath;
+          
+          // Generate thumbnail for the uploaded file
+          // TODO: Implement thumbnail generation for direct uploads
+          profilePictureThumbnail = null;
+
+          // Clean up old profile picture if it exists
+          if ((currentProfile as any)?.profilePicture) {
+            // TODO: Implement file deletion logic here
+            // await deleteFile((currentProfile as any).profilePicture);
+          }
+        } catch (error) {
+          logger.error('Profile picture processing failed', { 
+            userId: ctx.user.id, 
+            error: error instanceof Error ? error.message : 'Unknown error' 
+          });
+          throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "Failed to process profile picture. Please try again.",
+          });
+        }
       }
 
-      const updatedUser = await prisma.user.update({
-        where: { id: ctx.user.id },
-        data: {
-          profile: input.profile,
+      // Handle DiceBear avatar URL
+      if (input.dicebearAvatar) {
+        profilePictureUrl = input.dicebearAvatar.url;
+        // No thumbnail for DiceBear avatars since they're SVG URLs
+        profilePictureThumbnail = null;
+      }
+
+      // Prepare update data
+      const updateData: any = {};
+      if (input.profile) {
+        if (input.profile.displayName !== undefined && input.profile.displayName !== null) {
+          updateData.displayName = input.profile.displayName;
+        }
+        if (input.profile.bio !== undefined && input.profile.bio !== null) {
+          updateData.bio = input.profile.bio;
+        }
+        if (input.profile.location !== undefined && input.profile.location !== null) {
+          updateData.location = input.profile.location;
+        }
+        if (input.profile.website !== undefined && input.profile.website !== null) {
+          updateData.website = input.profile.website;
+        }
+      }
+      if (profilePictureUrl !== null) updateData.profilePicture = profilePictureUrl;
+      if (profilePictureThumbnail !== null) updateData.profilePictureThumbnail = profilePictureThumbnail;
+
+      // Upsert user profile with structured data
+      const updatedProfile = await prisma.userProfile.upsert({
+        where: { userId: ctx.user.id },
+        create: {
+          userId: ctx.user.id,
+          ...updateData,
         },
-        select: {
-          id: true,
-          username: true,
-          profile: true,
+        update: {
+          ...updateData,
+          updatedAt: new Date(),
         },
       });
 
-      return updatedUser;
+      // Get username for response
+      const user = await prisma.user.findUnique({
+        where: { id: ctx.user.id },
+        select: { username: true },
+      });
+
+      return {
+        id: ctx.user.id,
+        username: user?.username || '',
+        profile: {
+          displayName: (updatedProfile as any).displayName || null,
+          bio: (updatedProfile as any).bio || null,
+          location: (updatedProfile as any).location || null,
+          website: (updatedProfile as any).website || null,
+          profilePicture: getFileUrl((updatedProfile as any).profilePicture),
+          profilePictureThumbnail: getFileUrl((updatedProfile as any).profilePictureThumbnail),
+        },
+      };
+    }),
+
+  getUploadUrl: protectedProcedure
+    .input(getUploadUrlSchema)
+    .mutation(async ({ ctx, input }) => {
+      if (!ctx.user) {
+        throw new TRPCError({
+          code: "UNAUTHORIZED",
+          message: "User must be authenticated",
+        });
+      }
+
+      try {
+        // Generate unique filename
+        const fileExtension = input.fileName.split('.').pop();
+        const uniqueFilename = `${ctx.user.id}-${Date.now()}.${fileExtension}`;
+        const filePath = `users/${ctx.user.id}/profile/${uniqueFilename}`;
+
+        // Generate signed URL for direct upload (write permission)
+        const uploadUrl = await getSignedUrl(filePath, 'write', input.fileType);
+
+        logger.info('Generated upload URL', {
+          userId: ctx.user.id,
+          filePath,
+          fileName: uniqueFilename,
+          fileType: input.fileType
+        });
+
+        return {
+          uploadUrl,
+          filePath,
+          fileName: uniqueFilename,
+        };
+      } catch (error) {
+        logger.error('Failed to generate upload URL', { 
+          userId: ctx.user.id, 
+          error: error instanceof Error ? error.message : 'Unknown error' 
+        });
+        throw new TRPCError({
+          code: "INTERNAL_SERVER_ERROR",
+          message: "Failed to generate upload URL",
+        });
+      }
     }),
 });