Benjamin_Boenisch/breakpilot-lehrer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9858084ddb3902f8dadf87e2faf733bb9617da8
breakpilot-lehrer/studio-v2/lib/eltern/api.ts
T
Benjamin Admin d9858084dd
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-school (push) Successful in 31s
Details
CI / test-go-edu-search (push) Successful in 30s
Details
CI / test-python-klausur (push) Failing after 2m36s
Details
CI / test-python-agent-core (push) Successful in 21s
Details
CI / test-nodejs-website (push) Successful in 26s
Details
Phase 9c: Parent accounts, magic-link login + parent timetable view 
Backend (school-service):
  - parent_account, parent_child, parent_magic_link, parent_session
    tables. Tokens are sha256-hashed in DB; raw goes back exactly
    once to the inviting teacher.
  - InviteParent upserts the parent account, links a child to a tt_
    class, mints a 7-day magic link. Returns the link path so the
    teacher can paste it into Matrix/Email.
  - RedeemMagicLink validates + marks used + mints a 30-day session,
    sets HttpOnly bp_parent_session cookie.
  - ParentSessionMiddleware reads the cookie and resolves the parent.
    Lives in its own router group /api/v1/parent — totally separate
    from the teacher JWT path.
  - ParentMe returns the account + list of children (with class name).
  - ParentTimetable returns the latest completed tt_solution's lessons
    for the requested child's class, with full authorization check
    (parent must own a child in that class).

Frontend (studio-v2):
  - lib/calendar/subject-i18n.ts maps 22 German subject names to 8
    parent locales (de/en/tr/ar/uk/ru/pl/fr). Falls back to German
    for custom subjects.
  - ParentManager component on the Schulkalender page lets the teacher
    invite parents via email + child name + class + language. Newly
    minted magic-link is shown with a copy-to-clipboard button.
  - app/api/parent/[...path]/route.ts proxies parent-side endpoints
    via the cookie so HttpOnly survives the Next.js round-trip.
  - /eltern/login?token=… redeems and redirects to /eltern.
  - /eltern shows a Wochengrid with German days + translated subject
    names in the parent's preferred language. Headings and weekday
    labels also localised (de/en/tr/ar/uk/ru/pl/fr).

Tests:
  - 3 new Go unit tests (random token, hash stability, invite-request
    validator). 83 subtests gesamt.
  - studio-v2: e2e/eltern.spec.ts mit 7 tests across ParentManager,
    /eltern/login, /eltern overview, subject-i18n end-to-end.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 11:50:35 +02:00

65 lines
1.8 KiB
TypeScript
Raw Blame History

/**
* Parent API client. Cookies (HttpOnly bp_parent_session) carry auth —
* we never store the session token in JS-readable storage. credentials:
* 'include' is mandatory so the cookie ships with each request.
*/
const PROXY_PREFIX = '/api/parent'
interface FetchOptions extends RequestInit {
expectJson?: boolean
}
async function parentFetch<T>(endpoint: string, opts: FetchOptions = {}): Promise<T> {
const res = await fetch(`${PROXY_PREFIX}${endpoint}`, {
...opts,
credentials: 'include',
headers: {
'Content-Type': 'application/json',
...(opts.headers as Record<string, string> | undefined),
},
})
if (!res.ok) {
const err = await res.json().catch(() => ({ error: 'Unknown error' }))
throw new Error(err.error || `HTTP ${res.status}`)
}
if (res.status === 204) return undefined as T
return res.json()
}
export interface ParentMeResponse {
parent: { id: string; email: string; preferred_language: string }
children: Array<{
id: string
parent_id: string
tt_class_id: string
first_name: string
last_name: string
class_name?: string
}>
}
export interface ParentLesson {
DayOfWeek: number
PeriodIndex: number
StartTime: string
EndTime: string
ClassName: string
SubjectName: string
SubjectCode: string
TeacherName: string
RoomName: string
Pinned: boolean
}
export const elternApi = {
redeem: (token: string) =>
parentFetch<{ id: string; email: string; preferred_language: string }>('/auth/redeem', {
method: 'POST', body: JSON.stringify({ token }),
}),
me: () => parentFetch<ParentMeResponse>('/me'),
timetable: (classId: string) =>
parentFetch<ParentLesson[]>(`/me/timetable?class_id=${encodeURIComponent(classId)}`),
logout: () => parentFetch<void>('/auth/logout', { method: 'POST' }),
}
Reference in New Issue View Git Blame Copy Permalink