Benjamin Admin
d9858084dd
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-school (push) Successful in 31s
CI / test-go-edu-search (push) Successful in 30s
CI / test-python-klausur (push) Failing after 2m36s
CI / test-python-agent-core (push) Successful in 21s
CI / test-nodejs-website (push) Successful in 26s
Backend (school-service):
- parent_account, parent_child, parent_magic_link, parent_session
tables. Tokens are sha256-hashed in DB; raw goes back exactly
once to the inviting teacher.
- InviteParent upserts the parent account, links a child to a tt_
class, mints a 7-day magic link. Returns the link path so the
teacher can paste it into Matrix/Email.
- RedeemMagicLink validates + marks used + mints a 30-day session,
sets HttpOnly bp_parent_session cookie.
- ParentSessionMiddleware reads the cookie and resolves the parent.
Lives in its own router group /api/v1/parent — totally separate
from the teacher JWT path.
- ParentMe returns the account + list of children (with class name).
- ParentTimetable returns the latest completed tt_solution's lessons
for the requested child's class, with full authorization check
(parent must own a child in that class).
Frontend (studio-v2):
- lib/calendar/subject-i18n.ts maps 22 German subject names to 8
parent locales (de/en/tr/ar/uk/ru/pl/fr). Falls back to German
for custom subjects.
- ParentManager component on the Schulkalender page lets the teacher
invite parents via email + child name + class + language. Newly
minted magic-link is shown with a copy-to-clipboard button.
- app/api/parent/[...path]/route.ts proxies parent-side endpoints
via the cookie so HttpOnly survives the Next.js round-trip.
- /eltern/login?token=… redeems and redirects to /eltern.
- /eltern shows a Wochengrid with German days + translated subject
names in the parent's preferred language. Headings and weekday
labels also localised (de/en/tr/ar/uk/ru/pl/fr).
Tests:
- 3 new Go unit tests (random token, hash stability, invite-request
validator). 83 subtests gesamt.
- studio-v2: e2e/eltern.spec.ts mit 7 tests across ParentManager,
/eltern/login, /eltern overview, subject-i18n end-to-end.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
43 lines
1.4 KiB
Go
43 lines
1.4 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// ParentResolver is the minimum the middleware needs from the parent
|
|
// service. Defined as interface so handlers can pass their own service
|
|
// without import cycles.
|
|
type ParentResolver interface {
|
|
ParentFromSession(ctx context.Context, token string) (parent interface{}, err error)
|
|
}
|
|
|
|
// ParentSessionCookieName is the name of the HttpOnly cookie that carries
|
|
// the parent's session token after redeem. Exported so handlers can set it.
|
|
const ParentSessionCookieName = "bp_parent_session"
|
|
|
|
// ParentSessionMiddleware reads the parent session cookie and resolves it
|
|
// to a parent_account. Stores parent_id (string) in the Gin context for
|
|
// downstream handlers. Aborts with 401 if the cookie is missing or the
|
|
// session expired.
|
|
func ParentSessionMiddleware(resolve func(ctx context.Context, token string) (string, string, string, error)) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
token, err := c.Cookie(ParentSessionCookieName)
|
|
if err != nil || token == "" {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Parent session required"})
|
|
return
|
|
}
|
|
parentID, email, lang, err := resolve(c.Request.Context(), token)
|
|
if err != nil {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid or expired session"})
|
|
return
|
|
}
|
|
c.Set("parent_id", parentID)
|
|
c.Set("parent_email", email)
|
|
c.Set("parent_language", lang)
|
|
c.Next()
|
|
}
|
|
}
|