Upload 54 files

server.js

@@ -1,123 +1,548 @@
 
+const { 
+    School, User, Student, Course, Score, ClassModel, SubjectModel, ExamModel, ScheduleModel,
+    ConfigModel, NotificationModel, GameSessionModel, StudentRewardModel, LuckyDrawConfigModel, GameMonsterConfigModel, GameZenConfigModel,
+    AchievementConfigModel, TeacherExchangeConfigModel, StudentAchievementModel, AttendanceModel, LeaveRequestModel, SchoolCalendarModel,
+    WishModel, FeedbackModel, TodoModel
+} = require('./models');
+
+// Import AI Routes
+const aiRoutes = require('./ai-routes');
+
 const express = require('express');
 const mongoose = require('mongoose');
-const bodyParser = require('body-parser');
 const cors = require('cors');
+const bodyParser = require('body-parser');
 const path = require('path');
-const compression = require('compression');
-
-// Import Routes
-const aiRoutes = require('./ai-routes');
-// Note: Assuming other routes (auth, students, etc.) are handled in a separate file or inline. 
-// Since previous file content was overwritten/unclear, we'll setup a basic server structure
-// that includes the AI routes and generic CRUD handlers if they were meant to be here.
-// For now, we focus on fixing the start-up error.
+const compression = require('compression'); 
 
-const { 
-    User, Student, Course, Score, ClassModel, SubjectModel, ExamModel, ScheduleModel,
-    ConfigModel, NotificationModel, GameSessionModel, StudentRewardModel, LuckyDrawConfigModel,
-    GameMonsterConfigModel, GameZenConfigModel, AchievementConfigModel, TeacherExchangeConfigModel,
-    StudentAchievementModel, AttendanceModel, LeaveRequestModel, SchoolCalendarModel,
-    WishModel, FeedbackModel, TodoModel, School
-} = require('./models');
+const PORT = 7860;
+const MONGO_URI = 'mongodb+srv://dv890a:db8822723@chatpro.gw3v0v7.mongodb.net/chatpro?retryWrites=true&w=majority&appName=chatpro&authSource=admin';
 
 const app = express();
-const PORT = process.env.PORT || 7860;
 
-// Middleware
+app.use(compression({
+  filter: (req, res) => {
+    if (req.originalUrl && req.originalUrl.includes('/api/ai/chat')) {
+        return false; 
+    }
+    return compression.filter(req, res);
+  }
+}));
+
 app.use(cors());
-app.use(compression());
-app.use(bodyParser.json({ limit: '50mb' }));
-app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
+app.use(bodyParser.json({ limit: '50mb' })); 
+app.use(express.static(path.join(__dirname, 'dist'), {
+  setHeaders: (res, filePath) => {
+    if (filePath.endsWith('.html')) {
+      res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+    } else {
+      res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
+    }
+  }
+}));
 
-// Database Connection
-mongoose.connect(process.env.MONGODB_URI || 'mongodb://localhost:27017/school_db')
-  .then(() => console.log('MongoDB Connected'))
-  .catch(err => console.error('MongoDB Connection Error:', err));
+const InMemoryDB = { schools: [], users: [], isFallback: false };
+const connectDB = async () => {
+  try {
+    await mongoose.connect(MONGO_URI, { serverSelectionTimeoutMS: 30000 });
+    console.log('✅ MongoDB 连接成功 (Real Data)');
+    
+    // FIX: Drop the restrictive index that prevents multiple schedules per slot
+    try {
+        await ScheduleModel.collection.dropIndex('schoolId_1_className_1_dayOfWeek_1_period_1');
+        console.log('✅ Dropped restrictive schedule index');
+    } catch (e) {
+        // Ignore error if index doesn't exist
+    }
+
+  } catch (err) {
+    console.error('❌ MongoDB 连接失败:', err.message);
+    InMemoryDB.isFallback = true;
+  }
+};
+connectDB();
+
+const getQueryFilter = (req) => { 
+  const s = req.headers['x-school-id']; 
+  const role = req.headers['x-user-role'];
+  if (role === 'PRINCIPAL') {
+      if (!s) return { _id: null }; 
+      return { schoolId: s };
+  }
+  if (!s) return {};
+  return { 
+    $or: [
+      { schoolId: s },
+      { schoolId: { $exists: false } },
+      { schoolId: null }
+    ]
+  }; 
+};
+const injectSchoolId = (req, b) => ({ ...b, schoolId: req.headers['x-school-id'] });
+
+const getGameOwnerFilter = async (req) => {
+    const role = req.headers['x-user-role'];
+    const username = req.headers['x-user-username'];
+    if (role === 'TEACHER') {
+        const user = await User.findOne({ username });
+        return { ownerId: user ? user._id.toString() : 'unknown' };
+    }
+    return {};
+};
+
+const getAutoSemester = () => {
+    const now = new Date();
+    const month = now.getMonth() + 1; 
+    const year = now.getFullYear();
+    if (month >= 8 || month === 1) {
+        const startYear = month === 1 ? year - 1 : year;
+        return `${startYear}-${startYear + 1}学年 第一学期`;
+    } else {
+        const startYear = year - 1;
+        return `${startYear}-${startYear + 1}学年 第二学期`;
+    }
+};
 
-// --- Routes ---
+const generateStudentNo = async () => {
+    const year = new Date().getFullYear();
+    const random = Math.floor(100000 + Math.random() * 900000); 
+    return `${year}${random}`;
+};
 
-// AI Routes
+// MOUNT AI ROUTES
 app.use('/api/ai', aiRoutes);
 
-// Generic CRUD Handlers (Restoring presumed functionality based on api.ts)
-// Auth
-app.post('/api/auth/login', async (req, res) => {
+// ... (Rest of Existing Routes) ...
+
+// --- TODO LIST ENDPOINTS ---
+app.get('/api/todos', async (req, res) => {
+    const username = req.headers['x-user-username'];
+    if (!username) return res.status(401).json({ error: 'Unauthorized' });
+    const user = await User.findOne({ username });
+    if (!user) return res.status(404).json({ error: 'User not found' });
+    res.json(await TodoModel.find({ userId: user._id.toString() }).sort({ isCompleted: 1, createTime: -1 }));
+});
+
+app.post('/api/todos', async (req, res) => {
+    const username = req.headers['x-user-username'];
+    const user = await User.findOne({ username });
+    if (!user) return res.status(404).json({ error: 'User not found' });
+    await TodoModel.create({ ...req.body, userId: user._id.toString() });
+    res.json({ success: true });
+});
+
+app.put('/api/todos/:id', async (req, res) => {
+    await TodoModel.findByIdAndUpdate(req.params.id, req.body);
+    res.json({ success: true });
+});
+
+app.delete('/api/todos/:id', async (req, res) => {
+    await TodoModel.findByIdAndDelete(req.params.id);
+    res.json({ success: true });
+});
+
+// --- UPDATED SCHEDULE ENDPOINTS ---
+app.get('/api/schedules', async (req, res) => { 
+    const query = { ...getQueryFilter(req), ...req.query }; 
+    if (query.grade) { query.className = { $regex: '^' + query.grade }; delete query.grade; } 
+    res.json(await ScheduleModel.find(query)); 
+});
+
+// NEW: Update by ID (Exact Update)
+app.put('/api/schedules/:id', async (req, res) => {
     try {
-        const { username, password } = req.body;
-        const user = await User.findOne({ username, password });
-        if (!user) return res.status(401).json({ error: 'Invalid credentials' });
-        if (user.status === 'banned') return res.status(403).json({ error: 'BANNED' });
-        if (user.status === 'pending') return res.status(403).json({ error: 'PENDING_APPROVAL' });
-        res.json({ token: 'mock-token-' + user._id, user });
-    } catch (e) { res.status(500).json({ error: e.message }); }
+        await ScheduleModel.findByIdAndUpdate(req.params.id, req.body);
+        res.json({ success: true });
+    } catch (e) {
+        res.status(500).json({ error: e.message });
+    }
 });
 
-app.post('/api/auth/register', async (req, res) => {
+// Create or Update by Logic (Upsert)
+app.post('/api/schedules', async (req, res) => { 
     try {
-        const newUser = new User({ ...req.body, status: 'pending', createTime: new Date() });
-        await newUser.save();
-        res.json(newUser);
-    } catch (e) { res.status(500).json({ error: e.message }); }
+        // Updated Filter: Include weekType to allow separate ODD/EVEN records for same slot
+        const filter = { 
+            className: req.body.className, 
+            dayOfWeek: req.body.dayOfWeek, 
+            period: req.body.period,
+            weekType: req.body.weekType || 'ALL'
+        }; 
+        const sId = req.headers['x-school-id']; 
+        if(sId) filter.schoolId = sId; 
+        
+        await ScheduleModel.findOneAndUpdate(filter, injectSchoolId(req, req.body), {upsert:true}); 
+        res.json({}); 
+    } catch (e) {
+        console.error("Save schedule error:", e);
+        res.status(500).json({ error: e.message });
+    }
 });
 
-app.get('/api/auth/me', async (req, res) => {
-    // Simple mock auth check
-    const token = req.headers.authorization;
-    if (!token) return res.status(401).json({ error: 'No token' });
-    // In real app, decode token. Here we assume client has valid session if they have a token.
-    // For refresh, we'd need user ID. Since this is a fix, we'll return a mock or rely on client data.
-    res.json({}); 
-});
-
-// Basic Resource Routes (Simplified for fix)
-const resources = {
-    'students': Student,
-    'classes': ClassModel,
-    'courses': Course,
-    'scores': Score,
-    'subjects': SubjectModel,
-    'users': User,
-    'schools': School,
-    'exams': ExamModel,
-    'todos': TodoModel
-};
+app.delete('/api/schedules', async (req, res) => { 
+    try {
+        // Support deleting by ID if provided
+        if (req.query.id) {
+            await ScheduleModel.findByIdAndDelete(req.query.id);
+        } else {
+            await ScheduleModel.deleteOne({...getQueryFilter(req), ...req.query}); 
+        }
+        res.json({}); 
+    } catch (e) {
+        res.status(500).json({ error: e.message });
+    }
+});
 
-Object.keys(resources).forEach(path => {
-    const Model = resources[path];
-    app.get(`/api/${path}`, async (req, res) => {
-        try { res.json(await Model.find(req.query)); } catch (e) { res.status(500).json({ error: e.message }); }
-    });
-    app.post(`/api/${path}`, async (req, res) => {
-        try { const item = new Model(req.body); await item.save(); res.json(item); } catch (e) { res.status(500).json({ error: e.message }); }
-    });
-    app.put(`/api/${path}/:id`, async (req, res) => {
-        try { await Model.findByIdAndUpdate(req.params.id, req.body); res.json({ success: true }); } catch (e) { res.status(500).json({ error: e.message }); }
-    });
-    app.delete(`/api/${path}/:id`, async (req, res) => {
-        try { await Model.findByIdAndDelete(req.params.id); res.json({ success: true }); } catch (e) { res.status(500).json({ error: e.message }); }
-    });
-});
-
-// Config Route
-app.get('/api/config', async (req, res) => res.json(await ConfigModel.findOne({ key: 'main' }) || {}));
-app.post('/api/config', async (req, res) => {
-    await ConfigModel.findOneAndUpdate({ key: 'main' }, req.body, { upsert: true });
+// --- USER MENU ORDER ---
+app.put('/api/users/:id/menu-order', async (req, res) => {
+    const { menuOrder } = req.body;
+    await User.findByIdAndUpdate(req.params.id, { menuOrder });
     res.json({ success: true });
 });
-app.get('/api/public/config', async (req, res) => {
-    const cfg = await ConfigModel.findOne({ key: 'main' });
-    if(cfg) {
-        // Hide keys
-        const { apiKeys, ...publicCfg } = cfg.toObject();
-        res.json(publicCfg);
-    } else res.json({});
+
+// ... (Rest of existing routes unchanged) ...
+app.get('/api/classes/:className/teachers', async (req, res) => {
+    const { className } = req.params;
+    const schoolId = req.headers['x-school-id'];
+    const normalize = (s) => (s || '').replace(/\s+/g, '');
+    const searchName = normalize(decodeURIComponent(className));
+    const teacherIds = new Set();
+    const teacherNamesToResolve = new Set();
+    try {
+        const allClasses = await ClassModel.find({ schoolId });
+        const matchedClass = allClasses.find(c => {
+             const full = normalize(c.grade + c.className);
+             const sub = normalize(c.className);
+             return full === searchName || sub === searchName;
+        });
+        if (matchedClass) {
+            if (matchedClass.homeroomTeacherIds && matchedClass.homeroomTeacherIds.length > 0) {
+                matchedClass.homeroomTeacherIds.forEach(id => teacherIds.add(id));
+            }
+            if (matchedClass.teacherName) { matchedClass.teacherName.split(/[,，]/).forEach(n => { if(n.trim()) teacherNamesToResolve.add(n.trim()); }); }
+        }
+        const allCourses = await Course.find({ schoolId });
+        allCourses.forEach(c => {
+            if (normalize(c.className) === searchName) {
+                if (c.teacherId) { teacherIds.add(c.teacherId); } else if (c.teacherName) { teacherNamesToResolve.add(c.teacherName); }
+            }
+        });
+        if (teacherNamesToResolve.size > 0) {
+            const names = Array.from(teacherNamesToResolve);
+            const users = await User.find({ schoolId, role: 'TEACHER', $or: [ { trueName: { $in: names } }, { username: { $in: names } } ] });
+            users.forEach(u => teacherIds.add(u._id.toString()));
+        }
+        if (teacherIds.size === 0) return res.json([]);
+        const teachers = await User.find({ _id: { $in: Array.from(teacherIds) } }, 'trueName username _id teachingSubject');
+        res.json(teachers);
+    } catch (e) { res.json([]); }
+});
+
+app.get('/api/wishes', async (req, res) => {
+    const { teacherId, studentId, status } = req.query;
+    const filter = getQueryFilter(req);
+    if (teacherId) filter.teacherId = teacherId;
+    if (studentId) filter.studentId = studentId;
+    if (status) filter.status = status;
+    res.json(await WishModel.find(filter).sort({ status: -1, createTime: -1 }));
+});
+
+app.post('/api/wishes', async (req, res) => {
+    const data = injectSchoolId(req, req.body);
+    const existing = await WishModel.findOne({ studentId: data.studentId, status: 'PENDING' });
+    if (existing) { return res.status(400).json({ error: 'LIMIT_REACHED', message: '您还有一个未实现的愿望，请等待实现后再许愿！' }); }
+    await WishModel.create(data);
+    res.json({ success: true });
+});
+
+app.post('/api/wishes/:id/fulfill', async (req, res) => {
+    await WishModel.findByIdAndUpdate(req.params.id, { status: 'FULFILLED', fulfillTime: new Date() });
+    res.json({ success: true });
+});
+
+app.post('/api/wishes/random-fulfill', async (req, res) => {
+    const { teacherId } = req.body;
+    const pendingWishes = await WishModel.find({ teacherId, status: 'PENDING' });
+    if (pendingWishes.length === 0) { return res.status(404).json({ error: 'NO_WISHES', message: '暂无待实现的愿望' }); }
+    const randomWish = pendingWishes[Math.floor(Math.random() * pendingWishes.length)];
+    await WishModel.findByIdAndUpdate(randomWish._id, { status: 'FULFILLED', fulfillTime: new Date() });
+    res.json({ success: true, wish: randomWish });
+});
+
+app.get('/api/feedback', async (req, res) => {
+    const { targetId, creatorId, type, status } = req.query;
+    const filter = getQueryFilter(req);
+    if (targetId) filter.targetId = targetId;
+    if (creatorId) filter.creatorId = creatorId;
+    if (type) filter.type = type;
+    if (status) { const statuses = status.split(','); if (statuses.length > 1) { filter.status = { $in: statuses }; } else { filter.status = status; } }
+    res.json(await FeedbackModel.find(filter).sort({ createTime: -1 }));
+});
+
+app.post('/api/feedback', async (req, res) => {
+    const data = injectSchoolId(req, req.body);
+    await FeedbackModel.create(data);
+    res.json({ success: true });
+});
+
+app.put('/api/feedback/:id', async (req, res) => {
+    const { id } = req.params; const { status, reply } = req.body;
+    const updateData = { updateTime: new Date() };
+    if (status) updateData.status = status;
+    if (reply !== undefined) updateData.reply = reply;
+    await FeedbackModel.findByIdAndUpdate(id, updateData);
+    res.json({ success: true });
+});
+
+app.post('/api/feedback/ignore-all', async (req, res) => {
+    const { targetId } = req.body;
+    await FeedbackModel.updateMany( { targetId, status: 'PENDING' }, { status: 'IGNORED', updateTime: new Date() } );
+    res.json({ success: true });
+});
+
+app.get('/api/games/lucky-config', async (req, res) => {
+   const filter = getQueryFilter(req);
+   if (req.query.ownerId) { filter.ownerId = req.query.ownerId; } else { const ownerFilter = await getGameOwnerFilter(req); Object.assign(filter, ownerFilter); }
+   if (req.query.className) filter.className = req.query.className;
+   const config = await LuckyDrawConfigModel.findOne(filter);
+   res.json(config || null); 
+});
+app.get('/api/achievements/config', async (req, res) => {
+    const { className } = req.query;
+    const filter = getQueryFilter(req);
+    if (className) filter.className = className;
+    res.json(await AchievementConfigModel.findOne(filter));
+});
+app.post('/api/achievements/config', async (req, res) => {
+    const data = injectSchoolId(req, req.body);
+    await AchievementConfigModel.findOneAndUpdate( { className: data.className, ...getQueryFilter(req) },  data,  { upsert: true } );
+    res.json({ success: true });
+});
+app.get('/api/achievements/teacher-rules', async (req, res) => {
+    const filter = getQueryFilter(req);
+    if (req.query.teacherId) { filter.teacherId = req.query.teacherId; } else if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); if (user) filter.teacherId = user._id.toString(); }
+    if (req.query.teacherIds) { const ids = req.query.teacherIds.split(','); delete filter.teacherId; filter.teacherId = { $in: ids }; const configs = await TeacherExchangeConfigModel.find(filter); return res.json(configs); }
+    const config = await TeacherExchangeConfigModel.findOne(filter);
+    res.json(config || { rules: [] });
+});
+app.post('/api/achievements/teacher-rules', async (req, res) => {
+    const data = injectSchoolId(req, req.body);
+    const user = await User.findOne({ username: req.headers['x-user-username'] });
+    if (!user) return res.status(404).json({ error: 'User not found' });
+    data.teacherId = user._id.toString();
+    data.teacherName = user.trueName || user.username;
+    await TeacherExchangeConfigModel.findOneAndUpdate( { teacherId: data.teacherId, ...getQueryFilter(req) }, data, { upsert: true } );
+    res.json({ success: true });
+});
+app.get('/api/achievements/student', async (req, res) => {
+    const { studentId, semester } = req.query;
+    const filter = { studentId };
+    if (semester) filter.semester = semester;
+    res.json(await StudentAchievementModel.find(filter).sort({ createTime: -1 }));
+});
+app.post('/api/achievements/grant', async (req, res) => {
+    const { studentId, achievementId, semester } = req.body;
+    const sId = req.headers['x-school-id'];
+    const student = await Student.findById(studentId);
+    if (!student) return res.status(404).json({ error: 'Student not found' });
+    const config = await AchievementConfigModel.findOne({ className: student.className, schoolId: sId });
+    const achievement = config?.achievements.find(a => a.id === achievementId);
+    if (!achievement) return res.status(404).json({ error: 'Achievement not found' });
+    await StudentAchievementModel.create({ schoolId: sId, studentId, studentName: student.name, achievementId: achievement.id, achievementName: achievement.name, achievementIcon: achievement.icon, semester, createTime: new Date() });
+    await Student.findByIdAndUpdate(studentId, { $inc: { flowerBalance: achievement.points } });
+    res.json({ success: true });
+});
+app.post('/api/achievements/exchange', async (req, res) => {
+    const { studentId, ruleId, teacherId } = req.body; 
+    const sId = req.headers['x-school-id'];
+    const student = await Student.findById(studentId);
+    if (!student) return res.status(404).json({ error: 'Student not found' });
+    let rule = null;
+    let ownerId = null; 
+    if (teacherId) { const tConfig = await TeacherExchangeConfigModel.findOne({ teacherId, schoolId: sId }); rule = tConfig?.rules.find(r => r.id === ruleId); ownerId = teacherId; } else { const config = await AchievementConfigModel.findOne({ className: student.className, schoolId: sId }); rule = config?.exchangeRules?.find(r => r.id === ruleId); }
+    if (!rule) return res.status(404).json({ error: 'Rule not found' });
+    if (student.flowerBalance < rule.cost) { return res.status(400).json({ error: 'INSUFFICIENT_FUNDS', message: '小红花余额不足' }); }
+    await Student.findByIdAndUpdate(studentId, { $inc: { flowerBalance: -rule.cost } });
+    await StudentRewardModel.create({ schoolId: sId, studentId, studentName: student.name, rewardType: rule.rewardType, name: rule.rewardName, count: rule.rewardValue, status: rule.rewardType === 'DRAW_COUNT' ? 'REDEEMED' : 'PENDING', source: '积分兑换', ownerId, createTime: new Date() });
+    if (rule.rewardType === 'DRAW_COUNT') { await Student.findByIdAndUpdate(studentId, { $inc: { drawAttempts: rule.rewardValue } }); }
+    res.json({ success: true });
+});
+app.get('/api/auth/me', async (req, res) => {
+    const username = req.headers['x-user-username'];
+    if (!username) return res.status(401).json({ error: 'Unauthorized' });
+    const user = await User.findOne({ username });
+    if (!user) return res.status(404).json({ error: 'User not found' });
+    res.json(user);
+});
+app.post('/api/auth/update-profile', async (req, res) => {
+    const { userId, trueName, phone, avatar, currentPassword, newPassword } = req.body;
+    try {
+        const user = await User.findById(userId);
+        if (!user) return res.status(404).json({ error: 'User not found' });
+        if (newPassword) { if (user.password !== currentPassword) return res.status(401).json({ error: 'INVALID_PASSWORD', message: '旧密码错误' }); user.password = newPassword; }
+        if (trueName) user.trueName = trueName; if (phone) user.phone = phone; if (avatar) user.avatar = avatar;
+        await user.save();
+        if (user.role === 'STUDENT') await Student.findOneAndUpdate({ studentNo: user.studentNo }, { name: user.trueName || user.username, phone: user.phone });
+        res.json({ success: true, user });
+    } catch (e) { res.status(500).json({ error: e.message }); }
+});
+app.post('/api/auth/register', async (req, res) => {
+    const { role, username, password, schoolId, trueName, seatNo } = req.body;
+    const className = req.body.className || req.body.homeroomClass; 
+    try {
+        if (role === 'STUDENT') {
+            if (!trueName || !className) return res.status(400).json({ error: 'MISSING_FIELDS', message: '姓名和班级不能为空' });
+            const cleanName = trueName.trim(); const cleanClass = className.trim();
+            const existingProfile = await Student.findOne({ schoolId, name: { $regex: new RegExp(`^${cleanName}$`, 'i') }, className: cleanClass });
+            let finalUsername = '';
+            if (existingProfile) {
+                if (existingProfile.studentNo && existingProfile.studentNo.length > 5) finalUsername = existingProfile.studentNo;
+                else { finalUsername = await generateStudentNo(); existingProfile.studentNo = finalUsername; await existingProfile.save(); }
+                const userExists = await User.findOne({ username: finalUsername, schoolId });
+                if (userExists) return res.status(409).json({ error: userExists.status === 'active' ? 'ACCOUNT_EXISTS' : 'ACCOUNT_PENDING', message: '账号已存在' });
+            } else finalUsername = await generateStudentNo();
+            await User.create({ username: finalUsername, password, role: 'STUDENT', trueName: cleanName, schoolId, status: 'pending', homeroomClass: cleanClass, studentNo: finalUsername, seatNo: seatNo || '', parentName: req.body.parentName, parentPhone: req.body.parentPhone, address: req.body.address, idCard: req.body.idCard, gender: req.body.gender || 'Male', createTime: new Date() });
+            return res.json({ username: finalUsername });
+        } 
+        const existing = await User.findOne({ username });
+        if (existing) return res.status(409).json({ error: 'USERNAME_EXISTS', message: '用户名已存在' });
+        await User.create({...req.body, status: 'pending', createTime: new Date()});
+        res.json({ username });
+    } catch(e) { res.status(500).json({ error: e.message }); }
+});
+app.get('/api/users', async (req, res) => {
+    const filter = getQueryFilter(req);
+    if (req.headers['x-user-role'] === 'PRINCIPAL') filter.role = { $ne: 'ADMIN' };
+    if (req.query.role) filter.role = req.query.role;
+    res.json(await User.find(filter).sort({ createTime: -1 })); 
+});
+app.put('/api/users/:id', async (req, res) => {
+    const userId = req.params.id; const updates = req.body;
+    try {
+        const user = await User.findById(userId);
+        if (!user) return res.status(404).json({ error: 'User not found' });
+        if (user.status !== 'active' && updates.status === 'active' && user.role === 'STUDENT') {
+            await Student.findOneAndUpdate({ studentNo: user.studentNo, schoolId: user.schoolId }, { $set: { schoolId: user.schoolId, studentNo: user.studentNo, seatNo: user.seatNo, name: user.trueName, className: user.homeroomClass, gender: user.gender || 'Male', parentName: user.parentName, parentPhone: user.parentPhone, address: user.address, idCard: user.idCard, status: 'Enrolled', birthday: '2015-01-01' } }, { upsert: true, new: true });
+        }
+        await User.findByIdAndUpdate(userId, updates);
+        res.json({});
+    } catch (e) { res.status(500).json({ error: e.message }); }
+});
+app.post('/api/users/class-application', async (req, res) => {
+    const { userId, type, targetClass, action } = req.body; 
+    const userRole = req.headers['x-user-role']; const schoolId = req.headers['x-school-id'];
+    if (action === 'APPLY') { try { const user = await User.findById(userId); if(!user) return res.status(404).json({error:'User not found'}); await User.findByIdAndUpdate(userId, { classApplication: { type: type, targetClass: targetClass || '', status: 'PENDING' } }); await NotificationModel.create({ schoolId, targetRole: 'ADMIN', title: '新的班主任任免申请', content: `${user.trueName || user.username} 申请 ${type === 'CLAIM' ? '任教' : '卸任'}，请及时处理。`, type: 'warning' }); return res.json({ success: true }); } catch (e) { return res.status(500).json({ error: e.message }); } }
+    if (userRole === 'ADMIN' || userRole === 'PRINCIPAL') {
+        const user = await User.findById(userId);
+        if (!user || !user.classApplication) return res.status(404).json({ error: 'Application not found' });
+        const appType = user.classApplication.type; const appTarget = user.classApplication.targetClass;
+        if (action === 'APPROVE') {
+            const updates = { classApplication: null }; const classes = await ClassModel.find({ schoolId });
+            if (appType === 'CLAIM') { updates.homeroomClass = appTarget; const matchedClass = classes.find(c => (c.grade + c.className) === appTarget); if (matchedClass) { const teacherIds = matchedClass.homeroomTeacherIds || []; if (!teacherIds.includes(userId)) { teacherIds.push(userId); const teachers = await User.find({ _id: { $in: teacherIds } }); const names = teachers.map(t => t.trueName || t.username).join(', '); await ClassModel.findByIdAndUpdate(matchedClass._id, { homeroomTeacherIds: teacherIds, teacherName: names }); } } } else if (appType === 'RESIGN') { updates.homeroomClass = ''; const matchedClass = classes.find(c => (c.grade + c.className) === user.homeroomClass); if (matchedClass) { const teacherIds = (matchedClass.homeroomTeacherIds || []).filter(id => id !== userId); const teachers = await User.find({ _id: { $in: teacherIds } }); const names = teachers.map(t => t.trueName || t.username).join(', '); await ClassModel.findByIdAndUpdate(matchedClass._id, { homeroomTeacherIds: teacherIds, teacherName: names }); } }
+            await User.findByIdAndUpdate(userId, updates);
+        } else await User.findByIdAndUpdate(userId, { 'classApplication.status': 'REJECTED' });
+        return res.json({ success: true });
+    }
+    res.status(403).json({ error: 'Permission denied' });
+});
+app.post('/api/students/promote', async (req, res) => {
+    const { teacherFollows } = req.body; const sId = req.headers['x-school-id'];
+    const GRADE_MAP = { '一年级': '二年级', '二年级': '三年级', '三年级': '四年级', '四年级': '五年级', '五年级': '六年级', '六年级': '毕业', '初一': '初二', '七年级': '八年级', '初二': '初三', '八年级': '九年级', '初三': '毕业', '九年级': '毕业', '高一': '高二', '高二': '高三', '高三': '毕业' };
+    const classes = await ClassModel.find(getQueryFilter(req)); let promotedCount = 0;
+    for (const cls of classes) {
+        const currentGrade = cls.grade; const nextGrade = GRADE_MAP[currentGrade] || currentGrade; const suffix = cls.className; 
+        if (nextGrade === '毕业') { const oldFullClass = cls.grade + cls.className; await Student.updateMany({ className: oldFullClass, ...getQueryFilter(req) }, { status: 'Graduated', className: '已毕业' }); if (teacherFollows && cls.homeroomTeacherIds?.length) { await User.updateMany({ _id: { $in: cls.homeroomTeacherIds }, schoolId: sId }, { homeroomClass: '' }); await ClassModel.findByIdAndUpdate(cls._id, { teacherName: '', homeroomTeacherIds: [] }); } } else { const oldFullClass = cls.grade + cls.className; const newFullClass = nextGrade + suffix; await ClassModel.findOneAndUpdate({ grade: nextGrade, className: suffix, schoolId: sId }, { schoolId: sId, grade: nextGrade, className: suffix, teacherName: teacherFollows ? cls.teacherName : undefined, homeroomTeacherIds: teacherFollows ? cls.homeroomTeacherIds : [] }, { upsert: true }); const result = await Student.updateMany({ className: oldFullClass, status: 'Enrolled', ...getQueryFilter(req) }, { className: newFullClass }); promotedCount += result.modifiedCount; if (teacherFollows && cls.homeroomTeacherIds?.length) { await User.updateMany({ _id: { $in: cls.homeroomTeacherIds }, schoolId: sId, homeroomClass: oldFullClass }, { homeroomClass: newFullClass }); await ClassModel.findByIdAndUpdate(cls._id, { teacherName: '', homeroomTeacherIds: [] }); } }
+    }
+    res.json({ success: true, count: promotedCount });
 });
+app.post('/api/games/lucky-config', async (req, res) => { const data = injectSchoolId(req, req.body); if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); data.ownerId = user ? user._id.toString() : null; } await LuckyDrawConfigModel.findOneAndUpdate({ className: data.className, ...getQueryFilter(req), ownerId: data.ownerId }, data, { upsert: true }); res.json({ success: true }); });
+app.post('/api/games/lucky-draw', async (req, res) => { const { studentId } = req.body; const schoolId = req.headers['x-school-id']; const userRole = req.headers['x-user-role']; try { const student = await Student.findById(studentId); if (!student) return res.status(404).json({ error: 'Student not found' }); let configFilter = { className: student.className, schoolId }; if (userRole === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); configFilter.ownerId = user ? user._id.toString() : null; } const config = await LuckyDrawConfigModel.findOne(configFilter); const prizes = config?.prizes || []; const defaultPrize = config?.defaultPrize || '再接再厉'; const dailyLimit = config?.dailyLimit || 3; const consolationWeight = config?.consolationWeight || 0; const availablePrizes = prizes.filter(p => (p.count === undefined || p.count > 0)); if (availablePrizes.length === 0 && consolationWeight === 0) return res.status(400).json({ error: 'POOL_EMPTY', message: '奖品库存不足' }); if (userRole === 'STUDENT') { if (student.drawAttempts <= 0) return res.status(403).json({ error: '次数不足', message: '您的抽奖次数已用完' }); const today = new Date().toISOString().split('T')[0]; let dailyLog = student.dailyDrawLog || { date: today, count: 0 }; if (dailyLog.date !== today) dailyLog = { date: today, count: 0 }; if (dailyLog.count >= dailyLimit) return res.status(403).json({ error: 'DAILY_LIMIT_REACHED', message: `今日抽奖次数已达上限 (${dailyLimit}次)` }); dailyLog.count += 1; student.drawAttempts -= 1; student.dailyDrawLog = dailyLog; await student.save(); } else { if (student.drawAttempts <= 0) return res.status(403).json({ error: '次数不足', message: '该学生抽奖次数已用完' }); student.drawAttempts -= 1; await student.save(); } let totalWeight = consolationWeight; availablePrizes.forEach(p => totalWeight += (p.probability || 0)); let random = Math.random() * totalWeight; let selectedPrize = defaultPrize; let rewardType = 'CONSOLATION'; let matchedPrize = null; for (const p of availablePrizes) { random -= (p.probability || 0); if (random <= 0) { matchedPrize = p; break; } } if (matchedPrize) { selectedPrize = matchedPrize.name; rewardType = 'ITEM'; if (config._id) await LuckyDrawConfigModel.updateOne({ _id: config._id, "prizes.id": matchedPrize.id }, { $inc: { "prizes.$.count": -1 } }); } let ownerId = config?.ownerId; await StudentRewardModel.create({ schoolId, studentId, studentName: student.name, rewardType, name: selectedPrize, count: 1, status: 'PENDING', source: '幸运大抽奖', ownerId }); res.json({ prize: selectedPrize, rewardType }); } catch (e) { res.status(500).json({ error: e.message }); } });
+app.get('/api/games/monster-config', async (req, res) => { const filter = getQueryFilter(req); const ownerFilter = await getGameOwnerFilter(req); if (req.query.className) filter.className = req.query.className; Object.assign(filter, ownerFilter); const config = await GameMonsterConfigModel.findOne(filter); res.json(config || {}); });
+app.post('/api/games/monster-config', async (req, res) => { const data = injectSchoolId(req, req.body); if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); data.ownerId = user ? user._id.toString() : null; } await GameMonsterConfigModel.findOneAndUpdate({ className: data.className, ...getQueryFilter(req), ownerId: data.ownerId }, data, { upsert: true }); res.json({ success: true }); });
+app.get('/api/games/zen-config', async (req, res) => { const filter = getQueryFilter(req); const ownerFilter = await getGameOwnerFilter(req); if (req.query.className) filter.className = req.query.className; Object.assign(filter, ownerFilter); const config = await GameZenConfigModel.findOne(filter); res.json(config || {}); });
+app.post('/api/games/zen-config', async (req, res) => { const data = injectSchoolId(req, req.body); if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); data.ownerId = user ? user._id.toString() : null; } await GameZenConfigModel.findOneAndUpdate({ className: data.className, ...getQueryFilter(req), ownerId: data.ownerId }, data, { upsert: true }); res.json({ success: true }); });
+app.get('/api/games/mountain', async (req, res) => { res.json(await GameSessionModel.findOne({...getQueryFilter(req), className: req.query.className})); });
+app.post('/api/games/mountain', async (req, res) => { const { className } = req.body; const sId = req.headers['x-school-id']; const role = req.headers['x-user-role']; const username = req.headers['x-user-username']; if (role === 'TEACHER') { const user = await User.findOne({ username }); const cls = await ClassModel.findOne({ schoolId: sId, $expr: { $eq: [{ $concat: ["$grade", "$className"] }, className] } }); if (!cls) return res.status(404).json({ error: 'Class not found' }); const allowedIds = cls.homeroomTeacherIds || []; if (!allowedIds.includes(user._id.toString())) return res.status(403).json({ error: 'PERMISSION_DENIED', message: '只有班主任可以操作登峰游戏' }); } await GameSessionModel.findOneAndUpdate({ className, ...getQueryFilter(req) }, injectSchoolId(req, req.body), {upsert:true}); res.json({}); });
+app.get('/api/rewards', async (req, res) => { const filter = getQueryFilter(req); if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); if (user) filter.ownerId = user._id.toString(); } if(req.query.studentId) filter.studentId = req.query.studentId; if (req.query.className) { const classStudents = await Student.find({ className: req.query.className, ...getQueryFilter(req) }, '_id'); filter.studentId = { $in: classStudents.map(s => s._id.toString()) }; } if (req.query.excludeType) filter.rewardType = { $ne: req.query.excludeType }; const page = parseInt(req.query.page) || 1; const limit = parseInt(req.query.limit) || 20; const skip = (page - 1) * limit; const total = await StudentRewardModel.countDocuments(filter); const list = await StudentRewardModel.find(filter).sort({createTime:-1}).skip(skip).limit(limit); res.json({ list, total }); });
+app.post('/api/rewards', async (req, res) => { const data = injectSchoolId(req, req.body); if (!data.count) data.count = 1; if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); data.ownerId = user ? user._id.toString() : null; } if(data.rewardType==='DRAW_COUNT') { data.status='REDEEMED'; await Student.findByIdAndUpdate(data.studentId, {$inc:{drawAttempts:data.count}}); } await StudentRewardModel.create(data); res.json({}); });
+app.post('/api/games/grant-reward', async (req, res) => { const { studentId, count, rewardType, name } = req.body; const finalCount = count || 1; const finalName = name || (rewardType === 'DRAW_COUNT' ? '抽奖券' : '奖品'); let ownerId = null; if (req.headers['x-user-role'] === 'TEACHER') { const user = await User.findOne({ username: req.headers['x-user-username'] }); ownerId = user ? user._id.toString() : null; } if (rewardType === 'DRAW_COUNT') await Student.findByIdAndUpdate(studentId, { $inc: { drawAttempts: finalCount } }); await StudentRewardModel.create({ schoolId: req.headers['x-school-id'], studentId, studentName: (await Student.findById(studentId)).name, rewardType, name: finalName, count: finalCount, status: rewardType === 'DRAW_COUNT' ? 'REDEEMED' : 'PENDING', source: '教师发放', ownerId }); res.json({}); });
+app.put('/api/classes/:id', async (req, res) => { 
+    const classId = req.params.id; 
+    const { grade, className, teacherName, homeroomTeacherIds, periodConfig } = req.body; 
+    const sId = req.headers['x-school-id']; 
+    const oldClass = await ClassModel.findById(classId); 
+    if (!oldClass) return res.status(404).json({ error: 'Class not found' }); 
+    const newFullClass = grade + className; 
+    const oldFullClass = oldClass.grade + oldClass.className; 
+    const oldTeacherIds = oldClass.homeroomTeacherIds || []; 
+    const newTeacherIds = homeroomTeacherIds || []; 
+    const removedIds = oldTeacherIds.filter(id => !newTeacherIds.includes(id)); 
+    if (removedIds.length > 0) await User.updateMany({ _id: { $in: removedIds }, schoolId: sId }, { homeroomClass: '' }); 
+    if (newTeacherIds.length > 0) await User.updateMany({ _id: { $in: newTeacherIds }, schoolId: sId }, { homeroomClass: newFullClass }); 
+    let displayTeacherName = teacherName; 
+    if (newTeacherIds.length > 0) { 
+        const teachers = await User.find({ _id: { $in: newTeacherIds } }); 
+        displayTeacherName = teachers.map(t => t.trueName || t.username).join(', '); 
+    } 
+    
+    // FIX: Explicitly update periodConfig if present in the body
+    const updatePayload = { grade, className, teacherName: displayTeacherName, homeroomTeacherIds: newTeacherIds };
+    if (periodConfig) updatePayload.periodConfig = periodConfig;
 
-// Serve Frontend
-app.use(express.static(path.join(__dirname, 'dist')));
-app.get('*', (req, res) => {
-  res.sendFile(path.join(__dirname, 'dist', 'index.html'));
+    await ClassModel.findByIdAndUpdate(classId, updatePayload); 
+    
+    if (oldFullClass !== newFullClass) { 
+        await Student.updateMany({ className: oldFullClass, schoolId: sId }, { className: newFullClass }); 
+        await User.updateMany({ homeroomClass: oldFullClass, schoolId: sId }, { homeroomClass: newFullClass }); 
+    } 
+    res.json({ success: true }); 
 });
+app.post('/api/classes', async (req, res) => { const data = injectSchoolId(req, req.body); const { homeroomTeacherIds } = req.body; if (homeroomTeacherIds && homeroomTeacherIds.length > 0) { const teachers = await User.find({ _id: { $in: homeroomTeacherIds } }); data.teacherName = teachers.map(t => t.trueName || t.username).join(', '); } await ClassModel.create(data); if (homeroomTeacherIds && homeroomTeacherIds.length > 0) await User.updateMany({ _id: { $in: homeroomTeacherIds }, schoolId: data.schoolId }, { homeroomClass: data.grade + data.className }); res.json({}); });
+app.get('/api/courses', async (req, res) => { const filter = getQueryFilter(req); if (req.query.teacherId) filter.teacherId = req.query.teacherId; res.json(await Course.find(filter)); });
+app.post('/api/courses', async (req, res) => { const data = injectSchoolId(req, req.body); try { await Course.create(data); res.json({}); } catch(e) { if (e.code === 11000) return res.status(409).json({ error: 'DUPLICATE', message: '该班级该科目已有任课老师' }); res.status(500).json({ error: e.message }); } });
+app.get('/api/public/schools', async (req, res) => { res.json(await School.find({}, 'name code _id')); });
+app.get('/api/public/config', async (req, res) => { const currentSem = getAutoSemester(); let config = await ConfigModel.findOne({ key: 'main' }); if (config) { let semesters = config.semesters || []; if (!semesters.includes(currentSem)) { semesters.unshift(currentSem); config.semesters = semesters; config.semester = currentSem; await ConfigModel.updateOne({ key: 'main' }, { semesters, semester: currentSem }); } } else { config = { key: 'main', allowRegister: true, semester: currentSem, semesters: [currentSem] }; } res.json(config); });
+app.get('/api/public/meta', async (req, res) => { res.json({ classes: await ClassModel.find({ schoolId: req.query.schoolId }), subjects: await SubjectModel.find({ schoolId: req.query.schoolId }) }); });
+app.post('/api/auth/login', async (req, res) => { const { username, password } = req.body; const user = await User.findOne({ username, password }); if (!user) return res.status(401).json({ message: 'Error' }); if (user.status !== 'active') return res.status(403).json({ error: 'PENDING_APPROVAL' }); res.json(user); });
+app.get('/api/schools', async (req, res) => { res.json(await School.find()); });
+app.post('/api/schools', async (req, res) => { res.json(await School.create(req.body)); });
+app.put('/api/schools/:id', async (req, res) => { await School.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/schools/:id', async (req, res) => { const schoolId = req.params.id; try { await School.findByIdAndDelete(schoolId); await User.deleteMany({ schoolId }); await Student.deleteMany({ schoolId }); await ClassModel.deleteMany({ schoolId }); await SubjectModel.deleteMany({ schoolId }); await Course.deleteMany({ schoolId }); await Score.deleteMany({ schoolId }); await ExamModel.deleteMany({ schoolId }); await ScheduleModel.deleteMany({ schoolId }); await NotificationModel.deleteMany({ schoolId }); await AttendanceModel.deleteMany({ schoolId }); await LeaveRequestModel.deleteMany({ schoolId }); await GameSessionModel.deleteMany({ schoolId }); await StudentRewardModel.deleteMany({ schoolId }); await LuckyDrawConfigModel.deleteMany({ schoolId }); await GameMonsterConfigModel.deleteMany({ schoolId }); await GameZenConfigModel.deleteMany({ schoolId }); await AchievementConfigModel.deleteMany({ schoolId }); await StudentAchievementModel.deleteMany({ schoolId }); await SchoolCalendarModel.deleteMany({ schoolId }); await WishModel.deleteMany({ schoolId }); await FeedbackModel.deleteMany({ schoolId }); await TodoModel.deleteMany({}); res.json({ success: true }); } catch (e) { res.status(500).json({ error: e.message }); } });
+app.delete('/api/users/:id', async (req, res) => { const requesterRole = req.headers['x-user-role']; if (requesterRole === 'PRINCIPAL') { const user = await User.findById(req.params.id); if (!user || user.schoolId !== req.headers['x-school-id']) return res.status(403).json({error: 'Permission denied'}); if (user.role === 'ADMIN') return res.status(403).json({error: 'Cannot delete admin'}); } await User.findByIdAndDelete(req.params.id); res.json({}); });
+app.get('/api/students', async (req, res) => { res.json(await Student.find(getQueryFilter(req))); });
+app.post('/api/students', async (req, res) => { const data = injectSchoolId(req, req.body); if (data.studentNo === '') delete data.studentNo; try { const existing = await Student.findOne({ schoolId: data.schoolId, name: data.name, className: data.className }); if (existing) { Object.assign(existing, data); if (!existing.studentNo) { existing.studentNo = await generateStudentNo(); } await existing.save(); } else { if (!data.studentNo) { data.studentNo = await generateStudentNo(); } await Student.create(data); } res.json({ success: true }); } catch (e) { if (e.code === 11000) return res.status(409).json({ error: 'DUPLICATE', message: '保存失败：存在重复的系统ID' }); res.status(500).json({ error: e.message }); } });
+app.put('/api/students/:id', async (req, res) => { await Student.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/students/:id', async (req, res) => { await Student.findByIdAndDelete(req.params.id); res.json({}); });
+app.get('/api/classes', async (req, res) => { const filter = getQueryFilter(req); const cls = await ClassModel.find(filter); const resData = await Promise.all(cls.map(async c => { const count = await Student.countDocuments({ className: c.grade + c.className, status: 'Enrolled', ...filter }); return { ...c.toObject(), studentCount: count }; })); res.json(resData); });
+app.delete('/api/classes/:id', async (req, res) => { const cls = await ClassModel.findById(req.params.id); if (cls && cls.homeroomTeacherIds) await User.updateMany({ _id: { $in: cls.homeroomTeacherIds }, schoolId: cls.schoolId }, { homeroomClass: '' }); await ClassModel.findByIdAndDelete(req.params.id); res.json({}); });
+app.get('/api/subjects', async (req, res) => { res.json(await SubjectModel.find(getQueryFilter(req))); });
+app.post('/api/subjects', async (req, res) => { await SubjectModel.create(injectSchoolId(req, req.body)); res.json({}); });
+app.put('/api/subjects/:id', async (req, res) => { await SubjectModel.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/subjects/:id', async (req, res) => { await SubjectModel.findByIdAndDelete(req.params.id); res.json({}); });
+app.put('/api/courses/:id', async (req, res) => { await Course.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/courses/:id', async (req, res) => { await Course.findByIdAndDelete(req.params.id); res.json({}); });
+app.get('/api/scores', async (req, res) => { res.json(await Score.find(getQueryFilter(req))); });
+app.post('/api/scores', async (req, res) => { await Score.create(injectSchoolId(req, req.body)); res.json({}); });
+app.put('/api/scores/:id', async (req, res) => { await Score.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/scores/:id', async (req, res) => { await Score.findByIdAndDelete(req.params.id); res.json({}); });
+app.get('/api/exams', async (req, res) => { res.json(await ExamModel.find(getQueryFilter(req))); });
+app.post('/api/exams', async (req, res) => { await ExamModel.findOneAndUpdate({name:req.body.name}, injectSchoolId(req, req.body), {upsert:true}); res.json({}); });
+app.get('/api/stats', async (req, res) => { const filter = getQueryFilter(req); const studentCount = await Student.countDocuments(filter); const courseCount = await Course.countDocuments(filter); const scores = await Score.find({...filter, status: 'Normal'}); let avgScore = 0; let excellentRate = '0%'; if (scores.length > 0) { const total = scores.reduce((sum, s) => sum + s.score, 0); avgScore = parseFloat((total / scores.length).toFixed(1)); const excellent = scores.filter(s => s.score >= 90).length; excellentRate = Math.round((excellent / scores.length) * 100) + '%'; } res.json({ studentCount, courseCount, avgScore, excellentRate }); });
+app.get('/api/config', async (req, res) => { const currentSem = getAutoSemester(); let config = await ConfigModel.findOne({key:'main'}); if (config) { let semesters = config.semesters || []; if (!semesters.includes(currentSem)) { semesters.unshift(currentSem); config.semesters = semesters; config.semester = currentSem; await ConfigModel.updateOne({ key: 'main' }, { semesters, semester: currentSem }); } } else { config = { key: 'main', allowRegister: true, semester: currentSem, semesters: [currentSem] }; } res.json(config); });
+app.post('/api/config', async (req, res) => { await ConfigModel.findOneAndUpdate({key:'main'}, req.body, {upsert:true}); res.json({}); });
+app.put('/api/rewards/:id', async (req, res) => { await StudentRewardModel.findByIdAndUpdate(req.params.id, req.body); res.json({}); });
+app.delete('/api/rewards/:id', async (req, res) => { const reward = await StudentRewardModel.findById(req.params.id); if (!reward) return res.status(404).json({error: 'Not found'}); if (reward.rewardType === 'DRAW_COUNT') { const student = await Student.findById(reward.studentId); if (student && student.drawAttempts < reward.count) return res.status(400).json({ error: 'FAILED_REVOKE', message: '修改失败，次数已被使用' }); await Student.findByIdAndUpdate(reward.studentId, { $inc: { drawAttempts: -reward.count } }); } await StudentRewardModel.findByIdAndDelete(req.params.id); res.json({}); });
+app.post('/api/rewards/:id/redeem', async (req, res) => { await StudentRewardModel.findByIdAndUpdate(req.params.id, {status:'REDEEMED'}); res.json({}); });
+app.get('/api/attendance', async (req, res) => { const { className, date, studentId } = req.query; const filter = getQueryFilter(req); if(className) filter.className = className; if(date) filter.date = date; if(studentId) filter.studentId = studentId; res.json(await AttendanceModel.find(filter)); });
+app.post('/api/attendance/check-in', async (req, res) => { const { studentId, date, status } = req.body; const exists = await AttendanceModel.findOne({ studentId, date }); if (exists) return res.status(400).json({ error: 'ALREADY_CHECKED_IN', message: '今日已打卡' }); const student = await Student.findById(studentId); await AttendanceModel.create({ schoolId: req.headers['x-school-id'], studentId, studentName: student.name, className: student.className, date, status: status || 'Present', checkInTime: new Date() }); res.json({ success: true }); });
+app.post('/api/attendance/batch', async (req, res) => { const { className, date, status } = req.body; const students = await Student.find({ className, ...getQueryFilter(req) }); const ops = students.map(s => ({ updateOne: { filter: { studentId: s._id, date }, update: { $setOnInsert: { schoolId: req.headers['x-school-id'], studentId: s._id, studentName: s.name, className: s.className, date, status: status || 'Present', checkInTime: new Date() } }, upsert: true } })); if (ops.length > 0) await AttendanceModel.bulkWrite(ops); res.json({ success: true, count: ops.length }); });
+app.put('/api/attendance/update', async (req, res) => { const { studentId, date, status } = req.body; const student = await Student.findById(studentId); await AttendanceModel.findOneAndUpdate({ studentId, date }, { schoolId: req.headers['x-school-id'], studentId, studentName: student.name, className: student.className, date, status, checkInTime: new Date() }, { upsert: true }); res.json({ success: true }); });
+app.post('/api/leave', async (req, res) => { await LeaveRequestModel.create(injectSchoolId(req, req.body)); const { studentId, startDate } = req.body; const student = await Student.findById(studentId); if (student) await AttendanceModel.findOneAndUpdate({ studentId, date: startDate }, { schoolId: req.headers['x-school-id'], studentId, studentName: student.name, className: student.className, date: startDate, status: 'Leave', checkInTime: new Date() }, { upsert: true }); res.json({ success: true }); });
+app.get('/api/attendance/calendar', async (req, res) => { const { className } = req.query; const filter = getQueryFilter(req); const query = { $and: [ filter, { $or: [{ className: { $exists: false } }, { className: null }, { className }] } ] }; res.json(await SchoolCalendarModel.find(query)); });
+app.post('/api/attendance/calendar', async (req, res) => { await SchoolCalendarModel.create(injectSchoolId(req, req.body)); res.json({ success: true }); });
+app.delete('/api/attendance/calendar/:id', async (req, res) => { await SchoolCalendarModel.findByIdAndDelete(req.params.id); res.json({}); });
+app.post('/api/batch-delete', async (req, res) => { if(req.body.type==='student') await Student.deleteMany({_id:{$in:req.body.ids}}); if(req.body.type==='score') await Score.deleteMany({_id:{$in:req.body.ids}}); res.json({}); });
 
-app.listen(PORT, () => console.log(`Server running on port ${PORT}`));
+app.get('*', (req, res) => { res.sendFile(path.join(__dirname, 'dist', 'index.html')); });
+app.listen(PORT, () => console.log(`🚀 Server running on port ${PORT}`));