Benjamin_Boenisch/breakpilot-lehrer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9858084ddb3902f8dadf87e2faf733bb9617da8
breakpilot-lehrer/studio-v2/app/api/parent/[...path]/route.ts
T
Benjamin Admin d9858084dd
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-school (push) Successful in 31s
Details
CI / test-go-edu-search (push) Successful in 30s
Details
CI / test-python-klausur (push) Failing after 2m36s
Details
CI / test-python-agent-core (push) Successful in 21s
Details
CI / test-nodejs-website (push) Successful in 26s
Details
Phase 9c: Parent accounts, magic-link login + parent timetable view 
Backend (school-service):
  - parent_account, parent_child, parent_magic_link, parent_session
    tables. Tokens are sha256-hashed in DB; raw goes back exactly
    once to the inviting teacher.
  - InviteParent upserts the parent account, links a child to a tt_
    class, mints a 7-day magic link. Returns the link path so the
    teacher can paste it into Matrix/Email.
  - RedeemMagicLink validates + marks used + mints a 30-day session,
    sets HttpOnly bp_parent_session cookie.
  - ParentSessionMiddleware reads the cookie and resolves the parent.
    Lives in its own router group /api/v1/parent — totally separate
    from the teacher JWT path.
  - ParentMe returns the account + list of children (with class name).
  - ParentTimetable returns the latest completed tt_solution's lessons
    for the requested child's class, with full authorization check
    (parent must own a child in that class).

Frontend (studio-v2):
  - lib/calendar/subject-i18n.ts maps 22 German subject names to 8
    parent locales (de/en/tr/ar/uk/ru/pl/fr). Falls back to German
    for custom subjects.
  - ParentManager component on the Schulkalender page lets the teacher
    invite parents via email + child name + class + language. Newly
    minted magic-link is shown with a copy-to-clipboard button.
  - app/api/parent/[...path]/route.ts proxies parent-side endpoints
    via the cookie so HttpOnly survives the Next.js round-trip.
  - /eltern/login?token=… redeems and redirects to /eltern.
  - /eltern shows a Wochengrid with German days + translated subject
    names in the parent's preferred language. Headings and weekday
    labels also localised (de/en/tr/ar/uk/ru/pl/fr).

Tests:
  - 3 new Go unit tests (random token, hash stability, invite-request
    validator). 83 subtests gesamt.
  - studio-v2: e2e/eltern.spec.ts mit 7 tests across ParentManager,
    /eltern/login, /eltern overview, subject-i18n end-to-end.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 11:50:35 +02:00

47 lines
2.0 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server'
/**
* Proxy for the parent-side school-service endpoints. Mirrors the school
* proxy but forwards the parent-session cookie via Set-Cookie/Cookie
* headers so HttpOnly survives the round-trip.
*/
const BACKEND_URL = process.env.SCHOOL_SERVICE_URL || 'http://school-service:8084'
async function proxy(request: NextRequest, params: { path: string[] }): Promise<NextResponse> {
const path = params.path.join('/')
const url = `${BACKEND_URL}/api/v1/parent/${path}${request.nextUrl.search}`
const headers: HeadersInit = { 'Content-Type': 'application/json' }
const cookie = request.headers.get('cookie')
if (cookie) headers['Cookie'] = cookie
const init: RequestInit = { method: request.method, headers }
if (['POST', 'PUT', 'PATCH'].includes(request.method)) {
init.body = await request.text()
}
try {
const upstream = await fetch(url, init)
const body = await upstream.text()
const res = new NextResponse(body, {
status: upstream.status,
headers: { 'Content-Type': upstream.headers.get('content-type') || 'application/json' },
})
// Mirror Set-Cookie back so the browser stores the parent session.
const setCookie = upstream.headers.get('set-cookie')
if (setCookie) res.headers.set('Set-Cookie', setCookie)
return res
} catch (error) {
return NextResponse.json(
{ error: 'school-service nicht erreichbar', details: error instanceof Error ? error.message : 'Unknown error' },
{ status: 502 },
)
}
}
export async function GET(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) }
export async function POST(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) }
export async function PUT(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) }
export async function DELETE(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) }
Reference in New Issue View Git Blame Copy Permalink