Upload 54 files

server.js

@@ -368,13 +368,33 @@ app.post('/api/achievements/exchange', async (req, res) => {
     if (rule.rewardType === 'DRAW_COUNT') { await Student.findByIdAndUpdate(studentId, { $inc: { drawAttempts: rule.rewardValue } }); }
     res.json({ success: true });
 });
+
+// --- UPDATED AUTH/ME LOGIC ---
 app.get('/api/auth/me', async (req, res) => {
+    // 1. Try header (for internal AI calls if needed)
     const username = req.headers['x-user-username'];
-    if (!username) return res.status(401).json({ error: 'Unauthorized' });
-    const user = await User.findOne({ username });
-    if (!user) return res.status(404).json({ error: 'User not found' });
-    res.json(user);
+    if (username) {
+        const user = await User.findOne({ username });
+        if (user) return res.json(user);
+    }
+
+    // 2. Try Authorization Token (Standard way)
+    const authHeader = req.headers.authorization;
+    if (authHeader) {
+        const token = authHeader.split(' ')[1]; // Bearer <token>
+        if (token && token.startsWith('mock-token-')) {
+            const userId = token.replace('mock-token-', '');
+            // Validate ID format (Mongodb ObjectId is 24 hex chars)
+            if (/^[0-9a-fA-F]{24}$/.test(userId)) {
+                const user = await User.findById(userId);
+                if (user) return res.json(user);
+            }
+        }
+    }
+
+    return res.status(401).json({ error: 'Unauthorized' });
 });
+
 app.post('/api/auth/update-profile', async (req, res) => {
     const { userId, trueName, phone, avatar, currentPassword, newPassword } = req.body;
     try {
@@ -504,6 +524,8 @@ app.post('/api/courses', async (req, res) => { const data = injectSchoolId(req,
 app.get('/api/public/schools', async (req, res) => { res.json(await School.find({}, 'name code _id')); });
 app.get('/api/public/config', async (req, res) => { const currentSem = getAutoSemester(); let config = await ConfigModel.findOne({ key: 'main' }); if (config) { let semesters = config.semesters || []; if (!semesters.includes(currentSem)) { semesters.unshift(currentSem); config.semesters = semesters; config.semester = currentSem; await ConfigModel.updateOne({ key: 'main' }, { semesters, semester: currentSem }); } } else { config = { key: 'main', allowRegister: true, semester: currentSem, semesters: [currentSem] }; } res.json(config); });
 app.get('/api/public/meta', async (req, res) => { res.json({ classes: await ClassModel.find({ schoolId: req.query.schoolId }), subjects: await SubjectModel.find({ schoolId: req.query.schoolId }) }); });
+
+// --- UPDATED LOGIN: RETURN { token, user } ---
 app.post('/api/auth/login', async (req, res) => { 
     const { username, password } = req.body; 
     const user = await User.findOne({ username, password }); 
@@ -511,6 +533,7 @@ app.post('/api/auth/login', async (req, res) => {
     if (user.status !== 'active') return res.status(403).json({ error: 'PENDING_APPROVAL' }); 
     res.json({ token: 'mock-token-' + user._id, user }); 
 });
+
 app.get('/api/schools', async (req, res) => { res.json(await School.find()); });
 app.post('/api/schools', async (req, res) => { res.json(await School.create(req.body)); });
 app.put('/api/schools/:id', async (req, res) => { await School.findByIdAndUpdate(req.params.id, req.body); res.json({}); });

services/api.ts

@@ -63,7 +63,11 @@ export const api = {
     getCurrentUser: (): User | null => {
       try {
         const userStr = localStorage.getItem('user');
-        if (!userStr || userStr === 'undefined') return null;
+        // Handle explicit "undefined" string or null
+        if (!userStr || userStr === 'undefined' || userStr === 'null') {
+            if(userStr) localStorage.removeItem('user');
+            return null;
+        }
         return JSON.parse(userStr);
       } catch (e) {
         console.warn('Failed to parse user session, clearing cache.');