Upload 54 files

server.js

@@ -3,7 +3,7 @@ const {
     School, User, Student, Course, Score, ClassModel, SubjectModel, ExamModel, ScheduleModel,
     ConfigModel, NotificationModel, GameSessionModel, StudentRewardModel, LuckyDrawConfigModel, GameMonsterConfigModel, GameZenConfigModel,
     AchievementConfigModel, TeacherExchangeConfigModel, StudentAchievementModel, AttendanceModel, LeaveRequestModel, SchoolCalendarModel,
-    WishModel, FeedbackModel, TodoModel
+    WishModel, FeedbackModel, TodoModel, AIUsageModel
 } = require('./models');
 
 // Import AI Routes
@@ -113,8 +113,6 @@ const generateStudentNo = async () => {
 // MOUNT AI ROUTES
 app.use('/api/ai', aiRoutes);
 
-// ... (Rest of Existing Routes) ...
-
 // --- TODO LIST ENDPOINTS ---
 app.get('/api/todos', async (req, res) => {
     const username = req.headers['x-user-username'];
@@ -201,7 +199,6 @@ app.put('/api/users/:id/menu-order', async (req, res) => {
     res.json({ success: true });
 });
 
-// ... (Rest of existing routes unchanged) ...
 app.get('/api/classes/:className/teachers', async (req, res) => {
     const { className } = req.params;
     const schoolId = req.headers['x-school-id'];
@@ -384,10 +381,13 @@ app.get('/api/auth/me', async (req, res) => {
         const token = authHeader.split(' ')[1]; // Bearer <token>
         if (token && token.startsWith('mock-token-')) {
             const userId = token.replace('mock-token-', '');
-            // Validate ID format (Mongodb ObjectId is 24 hex chars)
-            if (/^[0-9a-fA-F]{24}$/.test(userId)) {
+            try {
+                // Simplified lookup without strict regex to support migrated/mock data
                 const user = await User.findById(userId);
                 if (user) return res.json(user);
+            } catch (e) {
+                // Ignore cast errors or invalid ID formats
+                console.log('Session lookup error:', e.message);
             }
         }
     }
@@ -531,7 +531,7 @@ app.post('/api/auth/login', async (req, res) => {
     const user = await User.findOne({ username, password }); 
     if (!user) return res.status(401).json({ message: 'Error' }); 
     if (user.status !== 'active') return res.status(403).json({ error: 'PENDING_APPROVAL' }); 
-    res.json({ token: 'mock-token-' + user._id, user }); 
+    res.json({ token: 'mock-token-' + user._id.toString(), user }); 
 });
 
 app.get('/api/schools', async (req, res) => { res.json(await School.find()); });

services/api.ts

@@ -3,7 +3,7 @@ import { User } from '../types';
 
 const API_BASE = '/api';
 
-const request = async (endpoint: string, options?: RequestInit) => {
+const request = async (endpoint: string, options?: RequestInit & { skipRedirect?: boolean }) => {
   const token = localStorage.getItem('token');
   const headers = {
     'Content-Type': 'application/json',
@@ -24,9 +24,11 @@ const request = async (endpoint: string, options?: RequestInit) => {
   });
 
   if (response.status === 401) {
-    localStorage.removeItem('token');
-    localStorage.removeItem('user');
-    window.location.href = '/';
+    if (!options?.skipRedirect) {
+        localStorage.removeItem('token');
+        localStorage.removeItem('user');
+        window.location.href = '/';
+    }
     throw new Error('Unauthorized');
   }
 
@@ -77,10 +79,17 @@ export const api = {
     },
     refreshSession: async () => {
         try {
-            const user = await request('/auth/me');
+            // Pass skipRedirect: true to prevent infinite reload loop if server returns 401
+            // @ts-ignore
+            const user = await request('/auth/me', { skipRedirect: true });
             localStorage.setItem('user', JSON.stringify(user));
             return user;
-        } catch (e) { return null; }
+        } catch (e) { 
+            // If refresh fails (e.g. 401), clear local user to force re-login on next check, but don't hard reload
+            localStorage.removeItem('user');
+            localStorage.removeItem('token');
+            return null; 
+        }
     },
     updateProfile: (data: any) => request('/auth/profile', { method: 'PUT', body: JSON.stringify(data) }),
   },