Benjamin Admin
d9858084dd
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-school (push) Successful in 31s
CI / test-go-edu-search (push) Successful in 30s
CI / test-python-klausur (push) Failing after 2m36s
CI / test-python-agent-core (push) Successful in 21s
CI / test-nodejs-website (push) Successful in 26s
Backend (school-service):
- parent_account, parent_child, parent_magic_link, parent_session
tables. Tokens are sha256-hashed in DB; raw goes back exactly
once to the inviting teacher.
- InviteParent upserts the parent account, links a child to a tt_
class, mints a 7-day magic link. Returns the link path so the
teacher can paste it into Matrix/Email.
- RedeemMagicLink validates + marks used + mints a 30-day session,
sets HttpOnly bp_parent_session cookie.
- ParentSessionMiddleware reads the cookie and resolves the parent.
Lives in its own router group /api/v1/parent — totally separate
from the teacher JWT path.
- ParentMe returns the account + list of children (with class name).
- ParentTimetable returns the latest completed tt_solution's lessons
for the requested child's class, with full authorization check
(parent must own a child in that class).
Frontend (studio-v2):
- lib/calendar/subject-i18n.ts maps 22 German subject names to 8
parent locales (de/en/tr/ar/uk/ru/pl/fr). Falls back to German
for custom subjects.
- ParentManager component on the Schulkalender page lets the teacher
invite parents via email + child name + class + language. Newly
minted magic-link is shown with a copy-to-clipboard button.
- app/api/parent/[...path]/route.ts proxies parent-side endpoints
via the cookie so HttpOnly survives the Next.js round-trip.
- /eltern/login?token=… redeems and redirects to /eltern.
- /eltern shows a Wochengrid with German days + translated subject
names in the parent's preferred language. Headings and weekday
labels also localised (de/en/tr/ar/uk/ru/pl/fr).
Tests:
- 3 new Go unit tests (random token, hash stability, invite-request
validator). 83 subtests gesamt.
- studio-v2: e2e/eltern.spec.ts mit 7 tests across ParentManager,
/eltern/login, /eltern overview, subject-i18n end-to-end.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
141 lines
4.3 KiB
Go
141 lines
4.3 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/breakpilot/school-service/internal/middleware"
|
|
"github.com/breakpilot/school-service/internal/models"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// ---------- Teacher-side (uses JWT/dev auth from existing middleware) ----------
|
|
|
|
func (h *Handler) InviteParent(c *gin.Context) {
|
|
uid := getUserID(c)
|
|
if uid == "" {
|
|
respondError(c, http.StatusUnauthorized, "User not authenticated")
|
|
return
|
|
}
|
|
var req models.InviteParentRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
respondError(c, http.StatusBadRequest, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
out, err := h.parentService.InviteParent(c.Request.Context(), uid, &req)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, "Failed to invite parent: "+err.Error())
|
|
return
|
|
}
|
|
respondCreated(c, out)
|
|
}
|
|
|
|
func (h *Handler) ListParentInvites(c *gin.Context) {
|
|
uid := getUserID(c)
|
|
if uid == "" {
|
|
respondError(c, http.StatusUnauthorized, "User not authenticated")
|
|
return
|
|
}
|
|
items, err := h.parentService.ListInvites(c.Request.Context(), uid)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, "Failed to list invites: "+err.Error())
|
|
return
|
|
}
|
|
if items == nil {
|
|
items = []models.ParentInviteListItem{}
|
|
}
|
|
respondSuccess(c, items)
|
|
}
|
|
|
|
func (h *Handler) DeleteParentInvite(c *gin.Context) {
|
|
uid := getUserID(c)
|
|
if uid == "" {
|
|
respondError(c, http.StatusUnauthorized, "User not authenticated")
|
|
return
|
|
}
|
|
if err := h.parentService.DeleteInvite(c.Request.Context(), c.Param("id"), uid); err != nil {
|
|
respondError(c, http.StatusInternalServerError, "Failed to delete invite: "+err.Error())
|
|
return
|
|
}
|
|
c.JSON(http.StatusOK, gin.H{"message": "Invite removed"})
|
|
}
|
|
|
|
// ---------- Parent-side (uses ParentSessionMiddleware) ----------
|
|
|
|
func (h *Handler) RedeemMagicLink(c *gin.Context) {
|
|
var req models.RedeemMagicLinkRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
respondError(c, http.StatusBadRequest, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
session, parent, err := h.parentService.RedeemMagicLink(c.Request.Context(), req.Token)
|
|
if err != nil {
|
|
respondError(c, http.StatusUnauthorized, err.Error())
|
|
return
|
|
}
|
|
// HttpOnly + Lax → cookie survives a fresh redirect from /eltern/login but
|
|
// isn't sent on cross-site CSRF requests.
|
|
c.SetSameSite(http.SameSiteLaxMode)
|
|
c.SetCookie(middleware.ParentSessionCookieName, session,
|
|
60*60*24*30, "/", "", false, true)
|
|
respondSuccess(c, parent)
|
|
}
|
|
|
|
func (h *Handler) ParentMe(c *gin.Context) {
|
|
parentID := c.GetString("parent_id")
|
|
children, err := h.parentService.ListChildren(c.Request.Context(), parentID)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
if children == nil {
|
|
children = []models.ParentChild{}
|
|
}
|
|
respondSuccess(c, gin.H{
|
|
"parent": gin.H{
|
|
"id": parentID,
|
|
"email": c.GetString("parent_email"),
|
|
"preferred_language": c.GetString("parent_language"),
|
|
},
|
|
"children": children,
|
|
})
|
|
}
|
|
|
|
// ParentTimetable returns the latest completed timetable lessons for the
|
|
// given child's class. Authorization: parent must own a child in that class.
|
|
func (h *Handler) ParentTimetable(c *gin.Context) {
|
|
parentID := c.GetString("parent_id")
|
|
classID := c.Query("class_id")
|
|
if classID == "" {
|
|
respondError(c, http.StatusBadRequest, "class_id required")
|
|
return
|
|
}
|
|
ok, err := h.parentService.ChildBelongsToParent(c.Request.Context(), parentID, classID)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
if !ok {
|
|
respondError(c, http.StatusForbidden, "Not allowed")
|
|
return
|
|
}
|
|
// Need the teacher's user_id to find the right solution. We re-derive it
|
|
// from parent_account.created_by_user_id via a small extra query.
|
|
teacherID, err := h.parentService.TeacherOfParent(c.Request.Context(), parentID)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
lessons, err := h.parentService.LatestCompletedSolutionLessonsForClass(c.Request.Context(), classID, teacherID)
|
|
if err != nil {
|
|
respondError(c, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
respondSuccess(c, lessons)
|
|
}
|
|
|
|
func (h *Handler) ParentLogout(c *gin.Context) {
|
|
c.SetSameSite(http.SameSiteLaxMode)
|
|
c.SetCookie(middleware.ParentSessionCookieName, "", -1, "/", "", false, true)
|
|
c.JSON(http.StatusOK, gin.H{"message": "Logged out"})
|
|
}
|