npm - @studious-lms/server - Versions diffs - 1.2.45 → 1.2.46 - Mend

@studious-lms/server 1.2.45 → 1.2.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/.env.example +45 -0
package/.env.test.example +37 -0
package/README.md +34 -7
package/coverage/base.css +224 -0
package/coverage/block-navigation.js +87 -0
package/coverage/clover.xml +12110 -0
package/coverage/coverage-final.json +44 -0
package/coverage/favicon.png +0 -0
package/coverage/index.html +221 -0
package/coverage/prettify.css +1 -0
package/coverage/prettify.js +2 -0
package/coverage/server/index.html +116 -0
package/coverage/server/src/exportType.ts.html +109 -0
package/coverage/server/src/index.html +161 -0
package/coverage/server/src/index.ts.html +1702 -0
package/coverage/server/src/instrument.ts.html +130 -0
package/coverage/server/src/lib/config/env.ts.html +448 -0
package/coverage/server/src/lib/config/index.html +116 -0
package/coverage/server/src/lib/fileUpload.ts.html +1138 -0
package/coverage/server/src/lib/googleCloudStorage.ts.html +334 -0
package/coverage/server/src/lib/index.html +206 -0
package/coverage/server/src/lib/jsonConversion.ts.html +2323 -0
package/coverage/server/src/lib/jsonStyles.ts.html +193 -0
package/coverage/server/src/lib/notificationHandler.ts.html +193 -0
package/coverage/server/src/lib/pusher.ts.html +121 -0
package/coverage/server/src/lib/thumbnailGenerator.ts.html +592 -0
package/coverage/server/src/middleware/auth.ts.html +646 -0
package/coverage/server/src/middleware/index.html +146 -0
package/coverage/server/src/middleware/logging.ts.html +244 -0
package/coverage/server/src/middleware/security.ts.html +271 -0
package/coverage/server/src/routers/_app.ts.html +232 -0
package/coverage/server/src/routers/agenda.ts.html +319 -0
package/coverage/server/src/routers/announcement.ts.html +3481 -0
package/coverage/server/src/routers/assignment.ts.html +7633 -0
package/coverage/server/src/routers/attendance.ts.html +1030 -0
package/coverage/server/src/routers/auth.ts.html +1081 -0
package/coverage/server/src/routers/class.ts.html +3535 -0
package/coverage/server/src/routers/comment.ts.html +991 -0
package/coverage/server/src/routers/conversation.ts.html +982 -0
package/coverage/server/src/routers/event.ts.html +1609 -0
package/coverage/server/src/routers/file.ts.html +1144 -0
package/coverage/server/src/routers/folder.ts.html +2797 -0
package/coverage/server/src/routers/index.html +386 -0
package/coverage/server/src/routers/labChat.ts.html +3073 -0
package/coverage/server/src/routers/marketing.ts.html +340 -0
package/coverage/server/src/routers/message.ts.html +1912 -0
package/coverage/server/src/routers/notifications.ts.html +364 -0
package/coverage/server/src/routers/section.ts.html +1120 -0
package/coverage/server/src/routers/user.ts.html +862 -0
package/coverage/server/src/routers/worksheet.ts.html +1729 -0
package/coverage/server/src/trpc.ts.html +397 -0
package/coverage/server/src/types/index.html +116 -0
package/coverage/server/src/types/trpc.ts.html +127 -0
package/coverage/server/src/utils/aiUser.ts.html +280 -0
package/coverage/server/src/utils/email.ts.html +121 -0
package/coverage/server/src/utils/generateInviteCode.ts.html +106 -0
package/coverage/server/src/utils/index.html +206 -0
package/coverage/server/src/utils/inference.ts.html +709 -0
package/coverage/server/src/utils/logger.ts.html +664 -0
package/coverage/server/src/utils/prismaErrorHandler.ts.html +907 -0
package/coverage/server/src/utils/prismaWrapper.ts.html +355 -0
package/coverage/server/vitest.config.ts.html +196 -0
package/coverage/sort-arrow-sprite.png +0 -0
package/coverage/sorter.js +210 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +83 -52
package/dist/index.js.map +1 -1
package/dist/instrument.js +15 -8
package/dist/instrument.js.map +1 -1
package/dist/lib/config/env.d.ts +169 -0
package/dist/lib/config/env.d.ts.map +1 -0
package/dist/lib/config/env.js +115 -0
package/dist/lib/config/env.js.map +1 -0
package/dist/lib/fileUpload.d.ts.map +1 -1
package/dist/lib/fileUpload.js +5 -4
package/dist/lib/fileUpload.js.map +1 -1
package/dist/lib/googleCloudStorage.d.ts.map +1 -1
package/dist/lib/googleCloudStorage.js +7 -8
package/dist/lib/googleCloudStorage.js.map +1 -1
package/dist/lib/jsonConversion.d.ts.map +1 -1
package/dist/lib/jsonConversion.js +14 -16
package/dist/lib/jsonConversion.js.map +1 -1
package/dist/lib/notificationHandler.d.ts +2 -2
package/dist/lib/prisma.d.ts +2 -2
package/dist/lib/prisma.d.ts.map +1 -1
package/dist/lib/prisma.js +22 -3
package/dist/lib/prisma.js.map +1 -1
package/dist/lib/pusher.d.ts.map +1 -1
package/dist/lib/pusher.js +8 -7
package/dist/lib/pusher.js.map +1 -1
package/dist/middleware/auth.d.ts.map +1 -1
package/dist/middleware/auth.js +6 -5
package/dist/middleware/auth.js.map +1 -1
package/dist/middleware/security.d.ts +5 -0
package/dist/middleware/security.d.ts.map +1 -0
package/dist/middleware/security.js +77 -0
package/dist/middleware/security.js.map +1 -0
package/dist/routers/_app.d.ts +294 -98
package/dist/routers/_app.d.ts.map +1 -1
package/dist/routers/_app.js +4 -2
package/dist/routers/_app.js.map +1 -1
package/dist/routers/agenda.d.ts.map +1 -1
package/dist/routers/agenda.js +12 -9
package/dist/routers/agenda.js.map +1 -1
package/dist/routers/announcement.d.ts +8 -0
package/dist/routers/announcement.d.ts.map +1 -1
package/dist/routers/announcement.js +6 -4
package/dist/routers/announcement.js.map +1 -1
package/dist/routers/assignment.d.ts +7 -4
package/dist/routers/assignment.d.ts.map +1 -1
package/dist/routers/assignment.js +35 -18
package/dist/routers/assignment.js.map +1 -1
package/dist/routers/attendance.d.ts +1 -0
package/dist/routers/attendance.d.ts.map +1 -1
package/dist/routers/attendance.js +4 -4
package/dist/routers/attendance.js.map +1 -1
package/dist/routers/auth.d.ts +20 -0
package/dist/routers/auth.d.ts.map +1 -1
package/dist/routers/auth.js +132 -15
package/dist/routers/auth.js.map +1 -1
package/dist/routers/class.d.ts +10 -0
package/dist/routers/class.d.ts.map +1 -1
package/dist/routers/class.js +49 -5
package/dist/routers/class.js.map +1 -1
package/dist/routers/comment.d.ts +2 -0
package/dist/routers/comment.d.ts.map +1 -1
package/dist/routers/conversation.d.ts +1 -0
package/dist/routers/conversation.d.ts.map +1 -1
package/dist/routers/conversation.js +46 -31
package/dist/routers/conversation.js.map +1 -1
package/dist/routers/file.d.ts.map +1 -1
package/dist/routers/file.js +30 -7
package/dist/routers/file.js.map +1 -1
package/dist/routers/labChat.d.ts +1 -0
package/dist/routers/labChat.d.ts.map +1 -1
package/dist/routers/labChat.js +2 -3
package/dist/routers/labChat.js.map +1 -1
package/dist/routers/marketing.d.ts +1 -1
package/dist/routers/newtonChat.d.ts +55 -0
package/dist/routers/newtonChat.d.ts.map +1 -0
package/dist/routers/newtonChat.js +438 -0
package/dist/routers/newtonChat.js.map +1 -0
package/dist/routers/notifications.d.ts +4 -4
package/dist/routers/section.d.ts +9 -4
package/dist/routers/section.d.ts.map +1 -1
package/dist/routers/section.js +8 -8
package/dist/routers/section.js.map +1 -1
package/dist/routers/user.d.ts.map +1 -1
package/dist/routers/user.js +5 -4
package/dist/routers/user.js.map +1 -1
package/dist/routers/worksheet.d.ts +30 -36
package/dist/routers/worksheet.d.ts.map +1 -1
package/dist/routers/worksheet.js +11 -33
package/dist/routers/worksheet.js.map +1 -1
package/dist/seedDatabase.d.ts +1 -1
package/dist/seedDatabase.js +275 -284
package/dist/seedDatabase.js.map +1 -1
package/dist/server/pipelines/aiLabChat.d.ts +10 -0
package/dist/server/pipelines/aiLabChat.d.ts.map +1 -0
package/dist/server/pipelines/aiLabChat.js +83 -0
package/dist/server/pipelines/aiLabChat.js.map +1 -0
package/dist/server/pipelines/gradeWorksheet.d.ts +2 -0
package/dist/server/pipelines/gradeWorksheet.d.ts.map +1 -0
package/dist/server/pipelines/gradeWorksheet.js +138 -0
package/dist/server/pipelines/gradeWorksheet.js.map +1 -0
package/dist/trpc.d.ts.map +1 -1
package/dist/trpc.js +2 -2
package/dist/trpc.js.map +1 -1
package/dist/utils/email.d.ts +9 -1
package/dist/utils/email.d.ts.map +1 -1
package/dist/utils/email.js +20 -5
package/dist/utils/email.js.map +1 -1
package/dist/utils/inference.d.ts +3 -0
package/dist/utils/inference.d.ts.map +1 -1
package/dist/utils/inference.js +41 -7
package/dist/utils/inference.js.map +1 -1
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/logger.js +3 -3
package/dist/utils/logger.js.map +1 -1
package/docker-compose.yml +14 -0
package/package.json +13 -4
package/prisma/schema.prisma +32 -5
package/scripts/test-pre-push.ts +14 -0
package/src/index.ts +98 -54
package/src/instrument.ts +13 -6
package/src/lib/config/env.ts +126 -0
package/src/lib/fileUpload.ts +3 -2
package/src/lib/googleCloudStorage.ts +6 -6
package/src/lib/jsonConversion.ts +12 -14
package/src/lib/prisma.ts +23 -2
package/src/lib/pusher.ts +6 -5
package/src/middleware/auth.ts +4 -3
package/src/middleware/security.ts +80 -0
package/src/routers/_app.ts +2 -0
package/src/routers/agenda.ts +10 -7
package/src/routers/announcement.ts +4 -2
package/src/routers/assignment.ts +58 -40
package/src/routers/attendance.ts +2 -2
package/src/routers/auth.ts +143 -14
package/src/routers/class.ts +52 -3
package/src/routers/conversation.ts +49 -29
package/src/routers/file.ts +29 -5
package/src/routers/labChat.ts +0 -1
package/src/routers/newtonChat.ts +520 -0
package/src/routers/section.ts +6 -6
package/src/routers/user.ts +3 -2
package/src/routers/worksheet.ts +9 -37
package/src/seedDatabase.ts +290 -283
package/src/server/pipelines/aiLabChat.ts +92 -0
package/src/server/pipelines/gradeWorksheet.ts +152 -0
package/src/trpc.ts +2 -0
package/src/utils/email.ts +30 -3
package/src/utils/inference.ts +50 -5
package/src/utils/logger.ts +2 -1
package/tests/announcement.test.ts +164 -0
package/tests/assignment.test.ts +296 -0
package/tests/attendance.test.ts +168 -0
package/tests/auth.test.ts +33 -10
package/tests/class.test.ts +34 -9
package/tests/event.test.ts +228 -0
package/tests/section.test.ts +216 -0
package/tests/setup.ts +70 -16
package/tests/user.test.ts +158 -0
package/vitest.config.ts +26 -0
package/API_SPECIFICATION.md +0 -1597
package/BASE64_REMOVAL_SUMMARY.md +0 -164
package/CHAT_API_SPEC.md +0 -579
package/LAB_CHAT_API_SPEC.md +0 -518
package/dist/routers/school.d.ts +0 -208
package/dist/routers/school.d.ts.map +0 -1
package/dist/routers/school.js +0 -483

package/src/lib/jsonConversion.ts CHANGED Viewed

@@ -4,12 +4,13 @@ import { readFileSync } from 'fs'
 import { join } from 'path'
 import { writeFile } from 'fs'
 import { DocumentBlock, FormatTypes, Fonts } from './jsonStyles.js'
+import { logger } from '../utils/logger.js'
 export async function createPdf(blocks: DocumentBlock[]) {
-    console.log('createPdf: Starting PDF creation with', blocks.length, 'blocks');
+    logger.info(`createPdf: Starting PDF creation with ${blocks.length} blocks`);
     try {
         const pdfDoc = await PDFDocument.create()
-        console.log('createPdf: PDFDocument created successfully');
+        logger.info('createPdf: PDFDocument created successfully');
         // Register fontkit to enable custom font embedding
         pdfDoc.registerFontkit(fontkit)
@@ -33,9 +34,9 @@ export async function createPdf(blocks: DocumentBlock[]) {
             notoSansItalic = await pdfDoc.embedFont(italicFontBytes)
             courierFont = await pdfDoc.embedFont(StandardFonts.Courier) // Keep Courier for code blocks
-            console.log('createPdf: Unicode fonts loaded successfully');
+            logger.info('createPdf: Unicode fonts loaded successfully');
         } catch (fontError) {
-            console.warn('createPdf: Failed to load custom fonts, falling back to standard fonts:', fontError);
+            logger.warn(`createPdf: Failed to load custom fonts, falling back to standard fonts: ${fontError}`);
             // Fallback to standard fonts if custom fonts fail
             notoSansRegular = await pdfDoc.embedFont(StandardFonts.Helvetica)
             notoSansBold = await pdfDoc.embedFont(StandardFonts.HelveticaBold)
@@ -342,10 +343,10 @@ export async function createPdf(blocks: DocumentBlock[]) {
     let y = height - marginTop
     let lastLineHeight = -1
-    console.log('createPdf: Starting to process', blocks.length, 'blocks');
+    logger.info(`createPdf: Starting to process ${blocks.length} blocks`);
     for (let i = 0; i < blocks.length; i++) {
         const block = blocks[i];
-        console.log(`createPdf: Processing block ${i + 1}/${blocks.length}, format: ${block.format}, content type: ${typeof block.content}`);
+        logger.info(`createPdf: Processing block ${i + 1}/${blocks.length}, format: ${block.format}, content type: ${typeof block.content}`);
         try {
         const preset = STYLE_PRESETS[block.format] || { fontSize: defaultFontSize, lineHeight: defaultLineHeight }
@@ -725,24 +726,21 @@ export async function createPdf(blocks: DocumentBlock[]) {
                 }
             }
         }
-        console.log(`createPdf: Successfully processed block ${i + 1}`);
+        logger.info(`createPdf: Successfully processed block ${i + 1}`);
         y -= paragraphSpacing
         lastLineHeight = lineHeight
         } catch (blockError) {
-            console.error(`createPdf: Error processing block ${i + 1}:`, blockError);
+            logger.error(`createPdf: Error processing block ${i + 1}: ${blockError}`);
             throw blockError;
         }
     }
-        console.log('createPdf: About to save PDF document');
+        logger.info('createPdf: About to save PDF document');
         const pdfBytes = await pdfDoc.save()
-        console.log('createPdf: PDF saved successfully, bytes length:', pdfBytes.length);
-        // writeFile('output.pdf', pdfBytes, () => {
-        //     console.log('PDF created successfully') // Still only saves file, no API yet
-        // })
+        logger.info(`createPdf: PDF saved successfully, bytes length: ${pdfBytes.length}`);
         return pdfBytes
     } catch (error) {
-        console.error('createPdf: Error during PDF creation:', error);
+        logger.error(`createPdf: Error during PDF creation: ${error}`);
         throw error;
     }
 }

package/src/lib/prisma.ts CHANGED Viewed

@@ -1,6 +1,23 @@
 import { PrismaClient } from '@prisma/client';
+import { env } from './config/env.js';
+const getLogLevel = () => {
+  switch (env.NODE_ENV) {
+    case 'development':
+      return ['query', 'error', 'warn'];
+    case 'production':
+      return ['error'];
+    default:
+      return ['error'];
+  }
+}
 const prismaClientSingleton = () => {
+  // return new PrismaClient({
+  //   log: env.NODE_ENV === 'development'
+  //     ? ['query', 'error', 'warn']
+  //     : ['error'],
+  // });
   return new PrismaClient();
 };
@@ -11,6 +28,10 @@ declare global {
 export const prisma = globalThis.prisma ?? prismaClientSingleton();
-if (process.env.NODE_ENV !== 'production') {
+if (env.NODE_ENV !== 'production') {
   globalThis.prisma = prisma;
-}
+}
+process.on('beforeExit', async () => {
+  await prisma.$disconnect();
+});

package/src/lib/pusher.ts CHANGED Viewed

@@ -1,11 +1,12 @@
 import Pusher from 'pusher';
+import { env } from './config/env.js';
 const pusher = new Pusher({
-  appId: process.env.PUSHER_APP_ID!,
-  key: process.env.PUSHER_KEY!,
-  secret: process.env.PUSHER_SECRET!,
-  cluster: process.env.PUSHER_CLUSTER!,
-  useTLS: true,
+  appId: env.PUSHER_APP_ID,
+  key: env.PUSHER_KEY,
+  secret: env.PUSHER_SECRET,
+  cluster: env.PUSHER_CLUSTER,
+  useTLS: env.NODE_ENV !== 'development',
 });
 export { pusher };

package/src/middleware/auth.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { TRPCError } from '@trpc/server';
 import { prisma } from '../lib/prisma.js';
 import type { MiddlewareContext } from '../types/trpc.js';
+import * as Sentry from "@sentry/node";
 export const createAuthMiddleware = (t: any) => {
@@ -50,10 +51,10 @@ export const createAuthMiddleware = (t: any) => {
         },
       });
     } catch (error) {
-      console.log(error)
+      Sentry.captureException(error);
       throw new TRPCError({
-        code: 'UNAUTHORIZED',
-        message: 'Invalid user data',
+        code: 'INTERNAL_SERVER_ERROR',
+        message: 'Internal server error',
       });
     }
   });

package/src/middleware/security.ts ADDED Viewed

@@ -0,0 +1,80 @@
+import helmet from 'helmet';
+import rateLimit from 'express-rate-limit';
+import type { Request, Response } from 'express';
+const isDevelopment = process.env.NODE_ENV === 'development';
+// Custom handler for rate limit errors that returns JSON
+// This format can be intercepted on the frontend with:
+// error.data?.code === 'TOO_MANY_REQUESTS' || error.data?.httpStatus === 429
+const rateLimitHandler = (req: Request, res: Response) => {
+  // Return JSON structure that can be intercepted on frontend with:
+  // error.data?.code === 'TOO_MANY_REQUESTS' || error.data?.httpStatus === 429
+  // When tRPC wraps this, the response body becomes error.data, so we put code/httpStatus at top level
+  res.status(429).json({
+    code: 'TOO_MANY_REQUESTS',
+    message: 'Too many requests, please try again later.',
+  });
+};
+// General API rate limiter - applies to all routes
+export const generalLimiter = rateLimit({
+  windowMs: 10 * 60 * 1000, // 10 minutes
+  max: 100, // Limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again later.',
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+  handler: rateLimitHandler,
+  skip: (req) => {
+    // Skip rate limiting for health checks
+    return req.path === '/health';
+  },
+});
+// Stricter rate limiter for authentication endpoints
+export const authLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // 5 minutes
+  max: 5, // Limit each IP to 5 login attempts per windowMs
+  message: 'Too many authentication attempts, please try again later.',
+  standardHeaders: true,
+  legacyHeaders: false,
+  skipSuccessfulRequests: true, // Don't count successful requests
+  handler: rateLimitHandler,
+});
+// File upload rate limiter
+export const uploadLimiter = rateLimit({
+  windowMs: 30 * 60 * 1000, // 30 minutes
+  max: 50, // Limit each IP to 50 uploads per hour
+  message: 'Too many file uploads, please try again later.',
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: rateLimitHandler,
+});
+// Helmet configuration
+export const helmetConfig = helmet({
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'"], // Allow inline styles for tRPC panel
+      // Allow inline scripts only in development (for tRPC panel)
+      // In production, keep strict CSP without unsafe-inline
+      scriptSrc: isDevelopment
+        ? ["'self'", "'unsafe-inline'"]
+        : ["'self'"],
+      imgSrc: ["'self'", "data:", "https:"], // Allow images from any HTTPS source
+      connectSrc: ["'self'", "https://*.sentry.io"], // Allow Sentry connections
+      fontSrc: ["'self'", "data:"],
+      objectSrc: ["'none'"],
+      mediaSrc: ["'self'"],
+      frameSrc: ["'none'"],
+    },
+  },
+  crossOriginEmbedderPolicy: false, // Disable if you need to embed resources
+  hsts: {
+    maxAge: 31536000, // 1 year
+    includeSubDomains: true,
+    preload: true,
+  },
+});

package/src/routers/_app.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import { notificationRouter } from "./notifications.js";
 import { conversationRouter } from "./conversation.js";
 import { messageRouter } from "./message.js";
 import { labChatRouter } from "./labChat.js";
+import { newtonChatRouter } from "./newtonChat.js";
 import { marketingRouter } from "./marketing.js";
 import { worksheetRouter } from "./worksheet.js";
 import { commentRouter } from "./comment.js";
@@ -36,6 +37,7 @@ export const appRouter = createTRPCRouter({
   conversation: conversationRouter,
   message: messageRouter,
   labChat: labChatRouter,
+  newtonChat: newtonChatRouter,
   marketing: marketingRouter,
   worksheet: worksheetRouter,
   comment: commentRouter,

package/src/routers/agenda.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc.js";
 import { prisma } from "../lib/prisma.js";
 import { TRPCError } from "@trpc/server";
-import { addDays, startOfDay, endOfDay } from "date-fns";
+import { addDays, addMonths, subMonths, startOfDay, endOfDay } from "date-fns";
 export const agendaRouter = createTRPCRouter({
   get: protectedProcedure
@@ -17,8 +17,11 @@ export const agendaRouter = createTRPCRouter({
         });
       }
-      const weekStart = startOfDay(new Date(input.weekStart));
-      const weekEnd = endOfDay(addDays(weekStart, 6));
+      // Expand query range to 6 months (3 months before and after the reference date)
+      // to allow calendar navigation and ensure newly created events are visible
+      const referenceDate = new Date(input.weekStart);
+      const rangeStart = startOfDay(subMonths(referenceDate, 3));
+      const rangeEnd = endOfDay(addMonths(referenceDate, 3));
       const [personalEvents, classEvents] = await Promise.all([
         // Get personal events
@@ -26,8 +29,8 @@ export const agendaRouter = createTRPCRouter({
           where: {
             userId: ctx.user.id,
             startTime: {
-              gte: weekStart,
-              lte: weekEnd,
+              gte: rangeStart,
+              lte: rangeEnd,
             },
             class: {
               is: null,
@@ -59,8 +62,8 @@ export const agendaRouter = createTRPCRouter({
               ],
             },
             startTime: {
-              gte: weekStart,
-              lte: weekEnd,
+              gte: rangeStart,
+              lte: rangeEnd,
             },
           },
           include: {

package/src/routers/announcement.ts CHANGED Viewed

@@ -206,9 +206,10 @@ export const announcementRouter = createTRPCRouter({
             };
         }),
-    update: protectedProcedure
+    update: protectedTeacherProcedure
         .input(z.object({
             id: z.string(),
+            classId: z.string(),
             data: z.object({
                 remarks: z.string().min(1, "Remarks cannot be empty").optional(),
                 files: z.array(directFileSchema).optional(),
@@ -339,9 +340,10 @@ export const announcementRouter = createTRPCRouter({
             };
         }),
-    delete: protectedProcedure
+    delete: protectedTeacherProcedure
         .input(z.object({
             id: z.string(),
+            classId: z.string(),
         }))
         .mutation(async ({ ctx, input }) => {
             if (!ctx.user) {

package/src/routers/assignment.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { createDirectUploadFiles, type DirectUploadFile, confirmDirectUpload, up
 import { deleteFile } from "../lib/googleCloudStorage.js";
 import { sendNotifications } from "../lib/notificationHandler.js";
 import { logger } from "../utils/logger.js";
+import { gradeWorksheetPipeline } from "../server/pipelines/gradeWorksheet.js";
 // DEPRECATED: This schema is no longer used - files are uploaded directly to GCS
 // Use directFileSchema instead
@@ -173,11 +174,11 @@ async function getUnifiedList(tx: any, classId: string) {
 // Updated to batch updates to prevent timeouts with large lists
 async function normalizeUnifiedList(tx: any, classId: string, orderedItems: Array<{ id: string; type: 'section' | 'assignment' }>) {
   const BATCH_SIZE = 10; // Process 10 items at a time to avoid overwhelming the transaction
   // Group items by type for more efficient updates
   const sections: Array<{ id: string; order: number }> = [];
   const assignments: Array<{ id: string; order: number }> = [];
   orderedItems.forEach((item, index) => {
     const orderData = { id: item.id, order: index + 1 };
     if (item.type === 'section') {
@@ -186,7 +187,7 @@ async function normalizeUnifiedList(tx: any, classId: string, orderedItems: Arra
       assignments.push(orderData);
     }
   });
   // Process updates in batches
   const processBatch = async (items: Array<{ id: string; order: number }>, type: 'section' | 'assignment') => {
     for (let i = 0; i < items.length; i += BATCH_SIZE) {
@@ -202,7 +203,7 @@ async function normalizeUnifiedList(tx: any, classId: string, orderedItems: Arra
       );
     }
   };
   // Process sections and assignments sequentially to avoid transaction overload
   await processBatch(sections, 'section');
   await processBatch(assignments, 'assignment');
@@ -318,7 +319,7 @@ export const assignmentRouter = createTRPCRouter({
       return updated;
     }),
-    move: protectedTeacherProcedure
+  move: protectedTeacherProcedure
     .input(z.object({
       id: z.string(),
       classId: z.string(),
@@ -354,7 +355,7 @@ export const assignmentRouter = createTRPCRouter({
       return updated;
     }),
-  create: protectedProcedure
+  create: protectedTeacherProcedure
     .input(createAssignmentSchema)
     .mutation(async ({ ctx, input }) => {
       const { classId, title, instructions, dueDate, files, existingFileIds, aiPolicyLevel, acceptFiles, acceptExtendedResponse, acceptWorksheet, worksheetIds, gradeWithAI, studentIds, maxGrade, graded, weight, sectionId, type, markSchemeId, gradingBoundaryId, inProgress } = input;
@@ -401,16 +402,14 @@ export const assignmentRouter = createTRPCRouter({
         }, 0);
       }
-      console.log(studentIds);
       // Prepare submission data outside transaction
-      const submissionData = studentIds && studentIds.length > 0
+      const submissionData = studentIds && studentIds.length > 0
         ? studentIds.map((studentId) => ({
-            student: { connect: { id: studentId } }
-          }))
+          student: { connect: { id: studentId } }
+        }))
         : classData.students.map((student) => ({
-            student: { connect: { id: student.id } }
-          }));
+          student: { connect: { id: student.id } }
+        }));
       const teacherId = ctx.user.id;
@@ -516,7 +515,7 @@ export const assignmentRouter = createTRPCRouter({
             order: { increment: 1 }
           }
         });
         await tx.section.updateMany({
           where: {
             classId: classId,
@@ -581,12 +580,12 @@ export const assignmentRouter = createTRPCRouter({
       // Execute file operations in parallel
       await Promise.all(fileOperations);
       // Send notifications asynchronously (non-blocking)
       sendNotifications(classData.students.map(student => student.id), {
         title: `🔔 New assignment for ${classData.name}`,
         content:
-        `The assignment "${title}" has been created in ${classData.name}.\n
+          `The assignment "${title}" has been created in ${classData.name}.\n
         Due date: ${new Date(dueDate).toLocaleDateString()}.
         [Link to assignment](/class/${classId}/assignments/${assignment.id})`
       }).catch(error => {
@@ -595,7 +594,7 @@ export const assignmentRouter = createTRPCRouter({
       return assignment;
     }),
-  update: protectedProcedure
+  update: protectedTeacherProcedure
     .input(updateAssignmentSchema)
     .mutation(async ({ ctx, input }) => {
       const { id, title, instructions, dueDate, files, existingFileIds, worksheetIds, aiPolicyLevel, maxGrade, graded, weight, sectionId, type, inProgress, acceptFiles, acceptExtendedResponse, acceptWorksheet, gradeWithAI, studentIds } = input;
@@ -640,10 +639,10 @@ export const assignmentRouter = createTRPCRouter({
           },
         }),
         prisma.class.findFirst({
-          where: {
-            assignments: {
-              some: { id }
-            }
+          where: {
+            assignments: {
+              some: { id }
+            }
           },
           include: {
             students: {
@@ -661,13 +660,13 @@ export const assignmentRouter = createTRPCRouter({
       }
       // Prepare submission data outside transaction if needed
-      const submissionData = studentIds && studentIds.length > 0
+      const submissionData = studentIds && studentIds.length > 0
         ? studentIds.map((studentId) => ({
-            student: { connect: { id: studentId } }
-          }))
+          student: { connect: { id: studentId } }
+        }))
         : classData?.students.map((student) => ({
-            student: { connect: { id: student.id } }
-          }));
+          student: { connect: { id: student.id } }
+        }));
       // Handle file deletion operations outside transaction
       const fileDeletionPromises: Promise<void>[] = [];
@@ -929,7 +928,7 @@ export const assignmentRouter = createTRPCRouter({
       };
     }),
-  get: protectedProcedure
+  get: protectedClassMemberProcedure
     .input(getAssignmentSchema)
     .query(async ({ ctx, input }) => {
       const { id, classId } = input;
@@ -1140,19 +1139,12 @@ export const assignmentRouter = createTRPCRouter({
       };
     }),
-  getSubmissionById: protectedTeacherProcedure
+  getSubmissionById: protectedClassMemberProcedure
     .input(z.object({
-      submissionId: z.string(),
       classId: z.string(),
+      submissionId: z.string(),
     }))
     .query(async ({ ctx, input }) => {
-      if (!ctx.user) {
-        throw new TRPCError({
-          code: "UNAUTHORIZED",
-          message: "User must be authenticated",
-        });
-      }
       const { submissionId, classId } = input;
       const submission = await prisma.submission.findFirst({
@@ -1161,11 +1153,22 @@ export const assignmentRouter = createTRPCRouter({
           assignment: {
             classId,
             class: {
-              teachers: {
-                some: {
-                  id: ctx.user.id
+              OR: [
+                {
+                  teachers: {
+                    some: {
+                      id: ctx.user?.id
+                    }
+                  }
+                },
+                {
+                  students: {
+                    some: {
+                      id: ctx.user?.id
+                    }
+                  }
                 }
-              }
+              ],
             }
           },
         },
@@ -1287,6 +1290,21 @@ export const assignmentRouter = createTRPCRouter({
       if (submit !== undefined) {
         // Toggle submission status
+        if (submission.assignment.acceptWorksheet && submission.assignment.gradeWithAI) {
+          // Grade the submission with AI
+          const worksheetResponses = await prisma.studentWorksheetResponse.findMany({
+            where: {
+              submissionId: submission.id,
+            },
+          });
+          for (const worksheetResponse of worksheetResponses) {
+            // Run it in the background, non-blocking
+            gradeWorksheetPipeline(worksheetResponse.id);
+          }
+        }
         return await prisma.submission.update({
           where: { id: submission.id },
           data: {

package/src/routers/attendance.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { createTRPCRouter, protectedProcedure } from "../trpc.js";
+import { createTRPCRouter, protectedClassMemberProcedure, protectedProcedure } from "../trpc.js";
 import { TRPCError } from "@trpc/server";
 import { prisma } from "../lib/prisma.js";
@@ -11,7 +11,7 @@ const attendanceSchema = z.object({
 });
 export const attendanceRouter = createTRPCRouter({
-  get: protectedProcedure
+  get: protectedClassMemberProcedure
     .input(z.object({
       classId: z.string(),
       eventId: z.string().optional(),