Upload 54 files

App.tsx

@@ -6,7 +6,7 @@ import { Login } from './pages/Login';
 import { User, UserRole } from './types';
 import { api } from './services/api';
 import { AlertTriangle, Loader2 } from 'lucide-react';
-import { LiveVoiceFab } from './components/LiveVoiceFab'; // Import
+import { LiveAssistant } from './components/LiveAssistant';
 
 // --- Lazy Load Helper with Retry Strategy ---
 // This wrapper catches chunk loading errors (common after deployments) and reloads the page once.
@@ -187,6 +187,10 @@ const AppContent: React.FC = () => {
 
   if (!isAuthenticated) return <Login onLogin={handleLogin} />;
 
+  // Permission Check for Live Assistant
+  // Admins always have it. Teachers need aiAccess flag.
+  const showLiveAssistant = currentUser && (currentUser.role === UserRole.ADMIN || currentUser.aiAccess);
+
   return (
     <div className="flex h-screen bg-gray-50 overflow-hidden">
       <Sidebar
@@ -205,9 +209,8 @@ const AppContent: React.FC = () => {
             <Suspense fallback={<PageLoading />}>{renderContent()}</Suspense>
           </div>
         </main>
-        
-        {/* Global AI Voice Assistant FAB */}
-        <LiveVoiceFab />
+        {/* Global Floating AI Assistant */}
+        {showLiveAssistant && <LiveAssistant />}
       </div>
     </div>
   );

ai-routes.js

@@ -4,6 +4,7 @@ const router = express.Router();
 const OpenAI = require('openai');
 const { ConfigModel, User, AIUsageModel } = require('./models');
 
+// ... (Key Management, Usage Tracking, Helpers, Provider Management functions remain same as before)
 // Fetch keys from DB + merge with ENV variables
 async function getKeyPool(type) {
     const config = await ConfigModel.findOne({ key: 'main' });
@@ -16,32 +17,6 @@ async function getKeyPool(type) {
     return pool;
 }
 
-const checkAIAccess = async (req, res, next) => {
-    const username = req.headers['x-user-username'];
-    const role = req.headers['x-user-role'];
-    if (!username) return res.status(401).json({ error: 'Unauthorized' });
-    const config = await ConfigModel.findOne({ key: 'main' });
-    if (config && config.enableAI === false && role !== 'ADMIN') return res.status(503).json({ error: 'MAINTENANCE', message: 'AI 服务维护中' });
-    if (role === 'ADMIN') return next();
-    const user = await User.findOne({ username });
-    if (!user || (!user.aiAccess && role !== 'ADMIN')) return res.status(403).json({ error: 'Permission denied' });
-    next();
-};
-
-// NEW: Endpoint to get a valid Gemini Key for Client-side Live API
-router.get('/config/key', checkAIAccess, async (req, res) => {
-    try {
-        const keys = await getKeyPool('gemini');
-        if (keys.length === 0) return res.status(404).json({ error: 'No API keys configured' });
-        // Return a random key to load balance slightly, or just the first one
-        const key = keys[0]; 
-        res.json({ key });
-    } catch (e) {
-        res.status(500).json({ error: e.message });
-    }
-});
-
-// ... Existing helper functions ...
 async function recordUsage(model, provider) {
     try {
         const today = new Date().toISOString().split('T')[0];
@@ -50,6 +25,18 @@ async function recordUsage(model, provider) {
     } catch (e) { console.error("Failed to record AI usage stats:", e); }
 }
 
+const wait = (ms) => new Promise(resolve => setTimeout(resolve, ms));
+async function callAIWithRetry(aiModelCall, retries = 1) {
+    for (let i = 0; i < retries; i++) {
+        try { return await aiModelCall(); }
+        catch (e) {
+            if (e.status === 400 || e.status === 401 || e.status === 403) throw e;
+            if (i < retries - 1) { await wait(1000 * Math.pow(2, i)); continue; }
+            throw e;
+        }
+    }
+}
+
 function convertGeminiToOpenAI(baseParams) {
     const messages = [];
     if (baseParams.config?.systemInstruction) messages.push({ role: 'system', content: baseParams.config.systemInstruction });
@@ -192,6 +179,29 @@ async function streamContentWithSmartFallback(baseParams, res) {
     throw finalError || new Error('All streaming models unavailable.');
 }
 
+const checkAIAccess = async (req, res, next) => {
+    const username = req.headers['x-user-username'];
+    const role = req.headers['x-user-role'];
+    if (!username) return res.status(401).json({ error: 'Unauthorized' });
+    const config = await ConfigModel.findOne({ key: 'main' });
+    if (config && config.enableAI === false && role !== 'ADMIN') return res.status(503).json({ error: 'MAINTENANCE', message: 'AI 服务维护中' });
+    if (role === 'ADMIN') return next();
+    const user = await User.findOne({ username });
+    if (!user || (!user.aiAccess && role !== 'ADMIN')) return res.status(403).json({ error: 'Permission denied' });
+    next();
+};
+
+// NEW: Endpoint to provide a temporary key for Client-Side Live API
+router.get('/live-access', checkAIAccess, async (req, res) => {
+    try {
+        const keys = await getKeyPool('gemini');
+        if (keys.length === 0) return res.status(503).json({ error: 'No API keys available' });
+        // Return the first available key. In a real prod environment, you might issue a short-lived proxy token.
+        // For this architecture, we return the key to allow direct WebSocket connection.
+        res.json({ key: keys[0] });
+    } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
 router.get('/stats', checkAIAccess, async (req, res) => {
     try {
         const config = await ConfigModel.findOne({ key: 'main' });

components/LiveAssistant.tsx

@@ -0,0 +1,362 @@
+import React, { useState, useRef, useEffect } from 'react';
+import { GoogleGenAI, LiveServerMessage, Modality } from "@google/genai";
+import { Mic, X, MessageCircle, Volume2, Power, Play, Square, Loader2, Bot, ChevronDown, RefreshCw } from 'lucide-react';
+import { api } from '../services/api';
+
+// --- Helper Functions for Audio Processing ---
+function decode(base64: string) {
+  const binaryString = atob(base64);
+  const len = binaryString.length;
+  const bytes = new Uint8Array(len);
+  for (let i = 0; i < len; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  return bytes;
+}
+
+async function decodeAudioData(
+  data: Uint8Array,
+  ctx: AudioContext,
+  sampleRate: number,
+  numChannels: number,
+): Promise<AudioBuffer> {
+  const dataInt16 = new Int16Array(data.buffer);
+  const frameCount = dataInt16.length / numChannels;
+  const buffer = ctx.createBuffer(numChannels, frameCount, sampleRate);
+
+  for (let channel = 0; channel < numChannels; channel++) {
+    const channelData = buffer.getChannelData(channel);
+    for (let i = 0; i < frameCount; i++) {
+      channelData[i] = dataInt16[i * numChannels + channel] / 32768.0;
+    }
+  }
+  return buffer;
+}
+
+function createBlob(data: Float32Array): { data: string; mimeType: string } {
+  const l = data.length;
+  const int16 = new Int16Array(l);
+  for (let i = 0; i < l; i++) {
+    int16[i] = data[i] * 32768;
+  }
+  
+  // Custom encode function instead of js-base64
+  let binary = '';
+  const bytes = new Uint8Array(int16.buffer);
+  const len = bytes.byteLength;
+  for (let i = 0; i < len; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  const base64 = btoa(binary);
+
+  return {
+    data: base64,
+    mimeType: 'audio/pcm;rate=16000',
+  };
+}
+
+export const LiveAssistant: React.FC = () => {
+  const [isOpen, setIsOpen] = useState(false);
+  const [isConnected, setIsConnected] = useState(false);
+  const [isMicOn, setIsMicOn] = useState(false); // Toggle for "Hold to Talk" simulation
+  const [isSpeaking, setIsSpeaking] = useState(false); // Model speaking
+  const [logs, setLogs] = useState<{role: 'user'|'model', text: string}[]>([]);
+  const [apiKey, setApiKey] = useState('');
+  const [isInitializing, setIsInitializing] = useState(false);
+
+  // Audio Refs
+  const audioContextRef = useRef<AudioContext | null>(null);
+  const audioStreamRef = useRef<MediaStream | null>(null);
+  const inputProcessorRef = useRef<ScriptProcessorNode | null>(null);
+  const inputSourceRef = useRef<MediaStreamAudioSourceNode | null>(null);
+  const outputNodeRef = useRef<GainNode | null>(null);
+  const nextStartTimeRef = useRef<number>(0);
+  const activeSourcesRef = useRef<Set<AudioBufferSourceNode>>(new Set());
+  
+  // Session Ref
+  const sessionPromiseRef = useRef<Promise<any> | null>(null);
+
+  // 1. Get Key on Mount (if allowed)
+  useEffect(() => {
+      // Only fetch key if user opens the widget to save resources
+      if (isOpen && !apiKey && !isInitializing) {
+          setIsInitializing(true);
+          fetch('/api/ai/live-access', {
+              headers: { 
+                  'x-user-username': api.auth.getCurrentUser()?.username || '',
+                  'x-user-role': api.auth.getCurrentUser()?.role || ''
+              }
+          })
+          .then(res => res.json())
+          .then(data => {
+              if (data.key) setApiKey(data.key);
+              setIsInitializing(false);
+          })
+          .catch(() => setIsInitializing(false));
+      }
+  }, [isOpen]);
+
+  const connect = async () => {
+      if (!apiKey) return;
+      
+      try {
+          setIsInitializing(true);
+          // Setup Audio Context
+          // @ts-ignore
+          const AudioCtor = window.AudioContext || window.webkitAudioContext;
+          const ctx = new AudioCtor({sampleRate: 24000}); // Output rate usually 24k
+          audioContextRef.current = ctx;
+          outputNodeRef.current = ctx.createGain();
+          outputNodeRef.current.connect(ctx.destination);
+          
+          // Setup Input (Mic) - But don't connect processor yet until "Mic On"
+          const stream = await navigator.mediaDevices.getUserMedia({ audio: {
+              sampleRate: 16000,
+              channelCount: 1,
+              echoCancellation: true
+          }});
+          audioStreamRef.current = stream;
+
+          // Initialize Gemini Client
+          const client = new GoogleGenAI({ apiKey });
+          
+          const sessionPromise = client.live.connect({
+              model: 'gemini-2.5-flash-native-audio-preview-09-2025',
+              config: {
+                  responseModalities: [Modality.AUDIO],
+                  speechConfig: { voiceConfig: { prebuiltVoiceConfig: { voiceName: 'Kore' } } },
+                  systemInstruction: { parts: [{ text: "你是一位乐于助人的校园AI助手。请用简短、自然的中文进行语音对话。" }] },
+                  outputAudioTranscription: { model: true } // Enable transcription to show text
+              },
+              callbacks: {
+                  onopen: () => {
+                      setIsConnected(true);
+                      setIsInitializing(false);
+                      setLogs(prev => [...prev, {role: 'model', text: '已连接，请点击麦克风说话。'}]);
+                  },
+                  onmessage: async (msg: LiveServerMessage) => {
+                      // Handle Audio Output
+                      const audioData = msg.serverContent?.modelTurn?.parts?.[0]?.inlineData?.data;
+                      if (audioData && audioContextRef.current && outputNodeRef.current) {
+                          setIsSpeaking(true);
+                          const ctx = audioContextRef.current;
+                          const buffer = await decodeAudioData(decode(audioData), ctx, 24000, 1);
+                          
+                          const source = ctx.createBufferSource();
+                          source.buffer = buffer;
+                          source.connect(outputNodeRef.current);
+                          
+                          // Scheduling
+                          const now = ctx.currentTime;
+                          const startTime = Math.max(now, nextStartTimeRef.current);
+                          source.start(startTime);
+                          nextStartTimeRef.current = startTime + buffer.duration;
+                          
+                          activeSourcesRef.current.add(source);
+                          source.onended = () => {
+                              activeSourcesRef.current.delete(source);
+                              if (activeSourcesRef.current.size === 0) setIsSpeaking(false);
+                          };
+                      }
+
+                      // Handle Text Transcription
+                      const transcript = msg.serverContent?.modelTurn?.parts?.[0]?.text;
+                      if (transcript) {
+                          // Update last model log or add new
+                          setLogs(prev => {
+                              const last = prev[prev.length - 1];
+                              if (last && last.role === 'model' && !last.text.endsWith('\n')) {
+                                  // Append to existing turn (simplified logic)
+                                  return [...prev.slice(0, -1), { ...last, text: last.text + transcript }];
+                              }
+                              return [...prev, { role: 'model', text: transcript }];
+                          });
+                      }
+                      
+                      // Handle Transcription of User Input (Echo)
+                      // @ts-ignore - types might be missing in some SDK versions
+                      const userTranscript = msg.serverContent?.outputAudioTranscription?.text || msg.serverContent?.turnComplete && "User input processed";
+                      // Note: Standard API usually doesn't echo user transcript in serverContent easily without config, relying on model turn.
+                  },
+                  onclose: () => {
+                      setIsConnected(false);
+                      setLogs(prev => [...prev, {role: 'model', text: '连接已断开'}]);
+                  },
+                  onerror: (e) => {
+                      console.error("Live API Error", e);
+                      setIsConnected(false);
+                  }
+              }
+          });
+          
+          sessionPromiseRef.current = sessionPromise;
+
+      } catch (e) {
+          console.error("Connection failed", e);
+          setIsInitializing(false);
+      }
+  };
+
+  const disconnect = () => {
+      // Close Session
+      if (sessionPromiseRef.current) {
+          sessionPromiseRef.current.then(s => s.close());
+          sessionPromiseRef.current = null;
+      }
+      
+      // Cleanup Audio
+      if (audioStreamRef.current) audioStreamRef.current.getTracks().forEach(t => t.stop());
+      if (inputProcessorRef.current) inputProcessorRef.current.disconnect();
+      if (inputSourceRef.current) inputSourceRef.current.disconnect();
+      if (audioContextRef.current) audioContextRef.current.close();
+      
+      setIsConnected(false);
+      setIsMicOn(false);
+      setLogs([]);
+  };
+
+  const toggleMic = async () => {
+      if (!isConnected || !audioContextRef.current || !sessionPromiseRef.current || !audioStreamRef.current) return;
+      
+      const newMicState = !isMicOn;
+      setIsMicOn(newMicState);
+
+      if (newMicState) {
+          // START SENDING
+          const ctx = audioContextRef.current;
+          // Input context sample rate usually needs to match stream, but we resample manually or rely on createScriptProcessor logic
+          // Simple approach: Use 16k context for input if possible, or downsample. 
+          // Here we assume ctx is created at 24k (output), so input might need resampling or just sending as is if API tolerates.
+          // Gemini API expects 16k for input usually.
+          
+          const inputCtx = new (window.AudioContext || (window as any).webkitAudioContext)({ sampleRate: 16000 });
+          const source = inputCtx.createMediaStreamSource(audioStreamRef.current);
+          const processor = inputCtx.createScriptProcessor(4096, 1, 1);
+          
+          processor.onaudioprocess = (e) => {
+              if (!newMicState) return; // Guard
+              const inputData = e.inputBuffer.getChannelData(0);
+              const blob = createBlob(inputData);
+              sessionPromiseRef.current?.then(session => {
+                  session.sendRealtimeInput({ media: { mimeType: 'audio/pcm;rate=16000', data: blob.data } });
+              });
+          };
+          
+          source.connect(processor);
+          processor.connect(inputCtx.destination);
+          
+          // Store refs to disconnect later
+          // @ts-ignore
+          inputProcessorRef.current = processor; 
+          // @ts-ignore
+          inputSourceRef.current = source;
+          // Store input context to close? Usually separate from output context to handle diff sample rates easily.
+          
+      } else {
+          // STOP SENDING
+          if (inputProcessorRef.current) {
+              inputProcessorRef.current.disconnect();
+              inputProcessorRef.current = null;
+          }
+          if (inputSourceRef.current) {
+              inputSourceRef.current.disconnect();
+              inputSourceRef.current = null;
+          }
+      }
+  };
+
+  // Auto-disconnect when closing modal
+  useEffect(() => {
+      if (!isOpen && isConnected) disconnect();
+  }, [isOpen]);
+
+  if (!api.auth.getCurrentUser()) return null; // Safety check
+
+  return (
+    <div className="fixed bottom-6 right-6 z-[9999]">
+        {/* Floating Bubble */}
+        {!isOpen && (
+            <button 
+                onClick={() => setIsOpen(true)}
+                className="w-14 h-14 rounded-full bg-gradient-to-br from-indigo-600 to-purple-600 text-white shadow-2xl flex items-center justify-center hover:scale-110 transition-transform cursor-pointer border-2 border-white/20 animate-in zoom-in"
+            >
+                <Bot size={28} />
+            </button>
+        )}
+
+        {/* Expanded Interface */}
+        {isOpen && (
+            <div className="bg-white w-80 md:w-96 rounded-2xl shadow-2xl border border-gray-200 overflow-hidden flex flex-col animate-in slide-in-from-bottom-5 fade-in duration-300" style={{maxHeight: '600px', height: '80vh'}}>
+                {/* Header */}
+                <div className="bg-gradient-to-r from-indigo-600 to-purple-600 p-4 flex justify-between items-center text-white shrink-0">
+                    <div className="flex items-center gap-2">
+                        <Bot size={20}/>
+                        <span className="font-bold">AI 语音助理</span>
+                    </div>
+                    <div className="flex items-center gap-2">
+                        <button onClick={disconnect} title="重置" className="hover:bg-white/20 p-1.5 rounded-full"><RefreshCw size={16}/></button>
+                        <button onClick={() => setIsOpen(false)} title="最小化" className="hover:bg-white/20 p-1.5 rounded-full"><ChevronDown size={20}/></button>
+                    </div>
+                </div>
+
+                {/* Content / Logs */}
+                <div className="flex-1 bg-gray-50 p-4 overflow-y-auto space-y-3 custom-scrollbar">
+                    {logs.length === 0 && isConnected && (
+                        <div className="text-center text-gray-400 mt-10 text-sm">
+                            <p>点击下方麦克风开始说话</p>
+                            <p className="text-xs mt-2 opacity-70">Gemini 2.5 Flash (Native Audio)</p>
+                        </div>
+                    )}
+                    {logs.map((log, i) => (
+                        <div key={i} className={`flex ${log.role === 'user' ? 'justify-end' : 'justify-start'}`}>
+                            <div className={`max-w-[85%] p-3 rounded-2xl text-sm ${log.role === 'user' ? 'bg-indigo-600 text-white rounded-tr-none' : 'bg-white border border-gray-200 text-gray-800 rounded-tl-none shadow-sm'}`}>
+                                {log.text}
+                            </div>
+                        </div>
+                    ))}
+                    {isSpeaking && (
+                        <div className="flex justify-start">
+                            <div className="bg-white border border-gray-200 px-4 py-2 rounded-full shadow-sm flex items-center gap-2">
+                                <span className="flex gap-1 h-3 items-end">
+                                    <span className="w-1 bg-indigo-500 animate-[bounce_1s_infinite] h-2"></span>
+                                    <span className="w-1 bg-indigo-500 animate-[bounce_1.2s_infinite] h-3"></span>
+                                    <span className="w-1 bg-indigo-500 animate-[bounce_0.8s_infinite] h-1"></span>
+                                </span>
+                                <span className="text-xs text-indigo-600 font-bold">正在说话...</span>
+                            </div>
+                        </div>
+                    )}
+                </div>
+
+                {/* Controls */}
+                <div className="p-4 bg-white border-t border-gray-100 shrink-0">
+                    {!isConnected ? (
+                        <button 
+                            onClick={connect} 
+                            disabled={isInitializing || !apiKey}
+                            className="w-full py-3 bg-indigo-600 hover:bg-indigo-700 text-white rounded-xl font-bold flex items-center justify-center gap-2 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+                        >
+                            {isInitializing ? <Loader2 className="animate-spin"/> : <Power size={18}/>}
+                            {isInitializing ? '正在连接...' : '开启语音会话'}
+                        </button>
+                    ) : (
+                        <div className="flex flex-col gap-3">
+                            <div className="flex items-center justify-center">
+                                <button 
+                                    onClick={toggleMic}
+                                    className={`w-16 h-16 rounded-full flex items-center justify-center shadow-lg transition-all transform active:scale-95 ${isMicOn ? 'bg-red-500 text-white animate-pulse ring-4 ring-red-100' : 'bg-indigo-100 text-indigo-600 hover:bg-indigo-200'}`}
+                                >
+                                    {isMicOn ? <Square fill="currentColor" size={24}/> : <Mic size={28}/>}
+                                </button>
+                            </div>
+                            <p className="text-center text-xs text-gray-400 font-medium">
+                                {isMicOn ? '正在聆听... 点击停止发送' : '点击麦克风开始说话'}
+                            </p>
+                        </div>
+                    )}
+                </div>
+            </div>
+        )}
+    </div>
+  );
+};

server.js

@@ -3,7 +3,7 @@ const {
     School, User, Student, Course, Score, ClassModel, SubjectModel, ExamModel, ScheduleModel,
     ConfigModel, NotificationModel, GameSessionModel, StudentRewardModel, LuckyDrawConfigModel, GameMonsterConfigModel, GameZenConfigModel,
     AchievementConfigModel, TeacherExchangeConfigModel, StudentAchievementModel, AttendanceModel, LeaveRequestModel, SchoolCalendarModel,
-    WishModel, FeedbackModel, TodoModel, AIUsageModel
+    WishModel, FeedbackModel, TodoModel
 } = require('./models');
 
 // Import AI Routes
@@ -113,6 +113,8 @@ const generateStudentNo = async () => {
 // MOUNT AI ROUTES
 app.use('/api/ai', aiRoutes);
 
+// ... (Rest of Existing Routes) ...
+
 // --- TODO LIST ENDPOINTS ---
 app.get('/api/todos', async (req, res) => {
     const username = req.headers['x-user-username'];
@@ -199,6 +201,7 @@ app.put('/api/users/:id/menu-order', async (req, res) => {
     res.json({ success: true });
 });
 
+// ... (Rest of existing routes unchanged) ...
 app.get('/api/classes/:className/teachers', async (req, res) => {
     const { className } = req.params;
     const schoolId = req.headers['x-school-id'];
@@ -365,36 +368,13 @@ app.post('/api/achievements/exchange', async (req, res) => {
     if (rule.rewardType === 'DRAW_COUNT') { await Student.findByIdAndUpdate(studentId, { $inc: { drawAttempts: rule.rewardValue } }); }
     res.json({ success: true });
 });
-
-// --- UPDATED AUTH/ME LOGIC ---
 app.get('/api/auth/me', async (req, res) => {
-    // 1. Try header (for internal AI calls if needed)
     const username = req.headers['x-user-username'];
-    if (username) {
-        const user = await User.findOne({ username });
-        if (user) return res.json(user);
-    }
-
-    // 2. Try Authorization Token (Standard way)
-    const authHeader = req.headers.authorization;
-    if (authHeader) {
-        const token = authHeader.split(' ')[1]; // Bearer <token>
-        if (token && token.startsWith('mock-token-')) {
-            const userId = token.replace('mock-token-', '');
-            try {
-                // Simplified lookup without strict regex to support migrated/mock data
-                const user = await User.findById(userId);
-                if (user) return res.json(user);
-            } catch (e) {
-                // Ignore cast errors or invalid ID formats
-                console.log('Session lookup error:', e.message);
-            }
-        }
-    }
-
-    return res.status(401).json({ error: 'Unauthorized' });
+    if (!username) return res.status(401).json({ error: 'Unauthorized' });
+    const user = await User.findOne({ username });
+    if (!user) return res.status(404).json({ error: 'User not found' });
+    res.json(user);
 });
-
 app.post('/api/auth/update-profile', async (req, res) => {
     const { userId, trueName, phone, avatar, currentPassword, newPassword } = req.body;
     try {
@@ -524,16 +504,7 @@ app.post('/api/courses', async (req, res) => { const data = injectSchoolId(req,
 app.get('/api/public/schools', async (req, res) => { res.json(await School.find({}, 'name code _id')); });
 app.get('/api/public/config', async (req, res) => { const currentSem = getAutoSemester(); let config = await ConfigModel.findOne({ key: 'main' }); if (config) { let semesters = config.semesters || []; if (!semesters.includes(currentSem)) { semesters.unshift(currentSem); config.semesters = semesters; config.semester = currentSem; await ConfigModel.updateOne({ key: 'main' }, { semesters, semester: currentSem }); } } else { config = { key: 'main', allowRegister: true, semester: currentSem, semesters: [currentSem] }; } res.json(config); });
 app.get('/api/public/meta', async (req, res) => { res.json({ classes: await ClassModel.find({ schoolId: req.query.schoolId }), subjects: await SubjectModel.find({ schoolId: req.query.schoolId }) }); });
-
-// --- UPDATED LOGIN: RETURN { token, user } ---
-app.post('/api/auth/login', async (req, res) => { 
-    const { username, password } = req.body; 
-    const user = await User.findOne({ username, password }); 
-    if (!user) return res.status(401).json({ message: 'Error' }); 
-    if (user.status !== 'active') return res.status(403).json({ error: 'PENDING_APPROVAL' }); 
-    res.json({ token: 'mock-token-' + user._id.toString(), user }); 
-});
-
+app.post('/api/auth/login', async (req, res) => { const { username, password } = req.body; const user = await User.findOne({ username, password }); if (!user) return res.status(401).json({ message: 'Error' }); if (user.status !== 'active') return res.status(403).json({ error: 'PENDING_APPROVAL' }); res.json(user); });
 app.get('/api/schools', async (req, res) => { res.json(await School.find()); });
 app.post('/api/schools', async (req, res) => { res.json(await School.create(req.body)); });
 app.put('/api/schools/:id', async (req, res) => { await School.findByIdAndUpdate(req.params.id, req.body); res.json({}); });

services/api.ts

@@ -1,248 +1,284 @@
 
-import { User } from '../types';
-
-const API_BASE = '/api';
-
-const request = async (endpoint: string, options?: RequestInit & { skipRedirect?: boolean }) => {
-  const token = localStorage.getItem('token');
-  const headers = {
-    'Content-Type': 'application/json',
-    ...(token ? { Authorization: `Bearer ${token}` } : {}),
-    ...options?.headers,
-  };
-
-  // Add school context header if available (for admin view)
-  const schoolId = localStorage.getItem('admin_view_school_id');
-  if (schoolId) {
-      // @ts-ignore
-      headers['x-school-id'] = schoolId;
+// ... existing imports
+import { User, ClassInfo, SystemConfig, Subject, School, Schedule, GameSession, StudentReward, LuckyDrawConfig, Attendance, LeaveRequest, AchievementConfig, SchoolCalendarEntry, TeacherExchangeConfig, Wish, Feedback, AIChatMessage, Todo } from '../types';
+
+// ... existing getBaseUrl ...
+const getBaseUrl = () => {
+  let isProd = false;
+  try {
+    // @ts-ignore
+    if (typeof import.meta !== 'undefined' && import.meta.env && import.meta.env.PROD) {
+      isProd = true;
+    }
+  } catch (e) {}
+  
+  if (isProd || (typeof window !== 'undefined' && window.location.port === '7860')) {
+    return '/api';
   }
+  return 'http://localhost:7860/api';
+};
 
-  const response = await fetch(`${API_BASE}${endpoint}`, {
-    ...options,
-    headers,
-  });
+const API_BASE_URL = getBaseUrl();
 
-  if (response.status === 401) {
-    if (!options?.skipRedirect) {
-        localStorage.removeItem('token');
-        localStorage.removeItem('user');
-        window.location.href = '/';
+async function request(endpoint: string, options: RequestInit = {}) {
+  const headers: any = { 'Content-Type': 'application/json', ...options.headers };
+  
+  if (typeof window !== 'undefined') {
+    const currentUser = JSON.parse(localStorage.getItem('user') || 'null');
+    const selectedSchoolId = localStorage.getItem('admin_view_school_id');
+    
+    if (currentUser?.role === 'ADMIN' && selectedSchoolId) {
+      headers['x-school-id'] = selectedSchoolId;
+    } else if (currentUser?.schoolId) {
+      headers['x-school-id'] = currentUser.schoolId;
+    }
+    
+    if (currentUser?.role) {
+      headers['x-user-role'] = currentUser.role;
+      headers['x-user-username'] = currentUser.username;
     }
-    throw new Error('Unauthorized');
   }
 
-  if (!response.ok) {
-    const errorData = await response.json().catch(() => ({}));
-    throw new Error(errorData.message || errorData.error || 'API Request Failed');
-  }
+  const res = await fetch(`${API_BASE_URL}${endpoint}`, { ...options, headers });
 
-  // Handle empty responses
-  const text = await response.text();
-  return text ? JSON.parse(text) : {};
-};
+  if (!res.ok) {
+    if (res.status === 401) throw new Error('AUTH_FAILED');
+    const errorData = await res.json().catch(() => ({}));
+    const errorMessage = errorData.error || errorData.message || `Server Error: ${res.status}`;
+    if (errorData.error === 'PENDING_APPROVAL') throw new Error('PENDING_APPROVAL');
+    if (errorData.error === 'BANNED') throw new Error('BANNED');
+    if (errorData.error === 'CONFLICT') throw new Error(errorData.message); 
+    if (errorData.error === 'INVALID_PASSWORD') throw new Error('INVALID_PASSWORD');
+    throw new Error(errorMessage);
+  }
+  return res.json();
+}
 
 export const api = {
-  init: () => {
-      // Any initialization logic if needed
-  },
+  init: () => console.log('🔗 API:', API_BASE_URL),
+
   auth: {
-    login: async (username: string, password?: string) => {
-      const res = await request('/auth/login', {
-        method: 'POST',
-        body: JSON.stringify({ username, password }),
-      });
-      localStorage.setItem('token', res.token);
-      localStorage.setItem('user', JSON.stringify(res.user));
-      return res.user;
+    login: async (username: string, password: string): Promise<User> => {
+      const user = await request('/auth/login', { method: 'POST', body: JSON.stringify({ username, password }) });
+      if (typeof window !== 'undefined') {
+        localStorage.setItem('user', JSON.stringify(user));
+        localStorage.removeItem('admin_view_school_id');
+      }
+      return user;
     },
-    register: async (data: any) => request('/auth/register', { method: 'POST', body: JSON.stringify(data) }),
-    logout: () => {
-      localStorage.removeItem('token');
-      localStorage.removeItem('user');
-      window.location.reload();
+    refreshSession: async (): Promise<User | null> => {
+        try {
+            const user = await request('/auth/me');
+            if (typeof window !== 'undefined' && user) {
+                localStorage.setItem('user', JSON.stringify(user));
+            }
+            return user;
+        } catch (e) { return null; }
     },
-    getCurrentUser: (): User | null => {
-      try {
-        const userStr = localStorage.getItem('user');
-        // Handle explicit "undefined" string or null
-        if (!userStr || userStr === 'undefined' || userStr === 'null') {
-            if(userStr) localStorage.removeItem('user');
-            return null;
-        }
-        return JSON.parse(userStr);
-      } catch (e) {
-        console.warn('Failed to parse user session, clearing cache.');
+    register: async (data: any): Promise<User> => {
+      return await request('/auth/register', { method: 'POST', body: JSON.stringify(data) });
+    },
+    updateProfile: async (data: any): Promise<any> => {
+      return await request('/auth/update-profile', { method: 'POST', body: JSON.stringify(data) });
+    },
+    logout: () => {
+      if (typeof window !== 'undefined') {
         localStorage.removeItem('user');
-        return null;
+        localStorage.removeItem('admin_view_school_id');
       }
     },
-    refreshSession: async () => {
+    getCurrentUser: (): User | null => {
+      if (typeof window !== 'undefined') {
         try {
-            // Pass skipRedirect: true to prevent infinite reload loop if server returns 401
-            // @ts-ignore
-            const user = await request('/auth/me', { skipRedirect: true });
-            localStorage.setItem('user', JSON.stringify(user));
-            return user;
-        } catch (e) { 
-            // If refresh fails (e.g. 401), clear local user to force re-login on next check, but don't hard reload
-            localStorage.removeItem('user');
-            localStorage.removeItem('token');
-            return null; 
+          const stored = localStorage.getItem('user');
+          if (stored) return JSON.parse(stored);
+        } catch (e) {
+          localStorage.removeItem('user');
         }
+      }
+      return null;
+    }
+  },
+
+  schools: {
+    getPublic: () => request('/public/schools'),
+    getAll: () => request('/schools'),
+    add: (data: School) => request('/schools', { method: 'POST', body: JSON.stringify(data) }),
+    update: (id: string, data: Partial<School>) => request(`/schools/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string) => request(`/schools/${id}`, { method: 'DELETE' })
+  },
+
+  users: {
+    getAll: (options?: { global?: boolean; role?: string }) => {
+       const params = new URLSearchParams();
+       if (options?.global) params.append('global', 'true');
+       if (options?.role) params.append('role', options.role);
+       return request(`/users?${params.toString()}`);
     },
-    updateProfile: (data: any) => request('/auth/profile', { method: 'PUT', body: JSON.stringify(data) }),
+    update: (id: string, data: Partial<User>) => request(`/users/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string) => request(`/users/${id}`, { method: 'DELETE' }),
+    applyClass: (data: { userId: string, type: 'CLAIM'|'RESIGN', targetClass?: string, action: 'APPLY'|'APPROVE'|'REJECT' }) => 
+        request('/users/class-application', { method: 'POST', body: JSON.stringify(data) }),
+    getTeachersForClass: (className: string) => request(`/classes/${encodeURIComponent(className)}/teachers`),
+    saveMenuOrder: (userId: string, order: string[]) => request(`/users/${userId}/menu-order`, { method: 'PUT', body: JSON.stringify({ menuOrder: order }) }), // NEW
   },
+
   students: {
     getAll: () => request('/students'),
     add: (data: any) => request('/students', { method: 'POST', body: JSON.stringify(data) }),
     update: (id: string, data: any) => request(`/students/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/students/${id}`, { method: 'DELETE' }),
-    transfer: (data: { studentId: string, targetClass: string }) => request('/students/transfer', { method: 'POST', body: JSON.stringify(data) }),
+    delete: (id: string | number) => request(`/students/${id}`, { method: 'DELETE' }),
     promote: (data: { teacherFollows: boolean }) => request('/students/promote', { method: 'POST', body: JSON.stringify(data) }),
+    transfer: (data: { studentId: string, targetClass: string }) => request('/students/transfer', { method: 'POST', body: JSON.stringify(data) })
   },
+
   classes: {
     getAll: () => request('/classes'),
-    add: (data: any) => request('/classes', { method: 'POST', body: JSON.stringify(data) }),
-    delete: (id: string | number) => request(`/classes/${id}`, { method: 'DELETE' }),
+    add: (data: ClassInfo) => request('/classes', { method: 'POST', body: JSON.stringify(data) }),
+    delete: (id: string | number) => request(`/classes/${id}`, { method: 'DELETE' })
   },
+
+  subjects: {
+    getAll: () => request('/subjects'),
+    add: (data: Subject) => request('/subjects', { method: 'POST', body: JSON.stringify(data) }),
+    update: (id: string | number, data: Partial<Subject>) => request(`/subjects/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string | number) => request(`/subjects/${id}`, { method: 'DELETE' })
+  },
+
+  exams: {
+    getAll: () => request('/exams'),
+    save: (data: any) => request('/exams', { method: 'POST', body: JSON.stringify(data) })
+  },
+
   courses: {
     getAll: () => request('/courses'),
     add: (data: any) => request('/courses', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id: string, data: any) => request(`/courses/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/courses/${id}`, { method: 'DELETE' }),
+    update: (id: string | number, data: any) => request(`/courses/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string | number) => request(`/courses/${id}`, { method: 'DELETE' })
   },
+
   scores: {
     getAll: () => request('/scores'),
     add: (data: any) => request('/scores', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id: string, data: any) => request(`/scores/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/scores/${id}`, { method: 'DELETE' }),
-  },
-  subjects: {
-    getAll: () => request('/subjects'),
-    add: (data: any) => request('/subjects', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id: string, data: any) => request(`/subjects/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/subjects/${id}`, { method: 'DELETE' }),
+    update: (id: string | number, data: any) => request(`/scores/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string | number) => request(`/scores/${id}`, { method: 'DELETE' })
   },
-  users: {
-    getAll: (params?: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/users?${qs}`);
+  
+  schedules: {
+    get: (params: { className?: string; teacherName?: string; grade?: string }) => {
+       const qs = new URLSearchParams(params as any).toString();
+       return request(`/schedules?${qs}`);
     },
-    saveMenuOrder: (userId: string, order: string[]) => request(`/users/${userId}/menu`, { method: 'PUT', body: JSON.stringify({ menuOrder: order }) }),
-    applyClass: (data: any) => request('/users/apply-class', { method: 'POST', body: JSON.stringify(data) }),
-    getTeachersForClass: (className: string) => request(`/users/teachers?className=${encodeURIComponent(className)}`),
-    update: (id: string, data: any) => request(`/users/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/users/${id}`, { method: 'DELETE' }),
+    save: (data: Schedule) => request('/schedules', { method: 'POST', body: JSON.stringify(data) }),
+    delete: (params: { className: string; dayOfWeek: number; period: number }) => {
+       const qs = new URLSearchParams(params as any).toString();
+       return request(`/schedules?${qs}`, { method: 'DELETE' });
+    }
   },
-  schools: {
-    getAll: () => request('/schools'),
-    getPublic: () => request('/public/schools'),
-    add: (data: any) => request('/schools', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id: string, data: any) => request(`/schools/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/schools/${id}`, { method: 'DELETE' }),
+
+  attendance: {
+    checkIn: (data: { studentId: string, date: string, status?: string }) => request('/attendance/check-in', { method: 'POST', body: JSON.stringify(data) }),
+    get: (params: { className?: string, date?: string, studentId?: string }) => {
+        const qs = new URLSearchParams(params as any).toString();
+        return request(`/attendance?${qs}`);
+    },
+    batch: (data: { className: string, date: string, status?: string }) => request('/attendance/batch', { method: 'POST', body: JSON.stringify(data) }),
+    update: (data: { studentId: string, date: string, status: string }) => request('/attendance/update', { method: 'PUT', body: JSON.stringify(data) }),
+    applyLeave: (data: { studentId: string, studentName: string, className: string, reason: string, startDate: string, endDate: string }) => request('/leave', { method: 'POST', body: JSON.stringify(data) }),
   },
-  notifications: {
-    getAll: (userId: string, role: string) => request(`/notifications?userId=${userId}&role=${role}`),
+  
+  calendar: {
+      get: (className: string) => request(`/attendance/calendar?className=${className}`),
+      add: (data: SchoolCalendarEntry) => request('/attendance/calendar', { method: 'POST', body: JSON.stringify(data) }),
+      delete: (id: string) => request(`/attendance/calendar/${id}`, { method: 'DELETE' })
   },
+
   stats: {
-    getSummary: () => request('/stats/summary'),
+    getSummary: () => request('/stats')
   },
+
   config: {
-    get: () => request('/config'),
+    get: () => request('/config'), 
     getPublic: () => request('/public/config'),
-    save: (data: any) => request('/config', { method: 'POST', body: JSON.stringify(data) }),
+    save: (data: SystemConfig) => request('/config', { method: 'POST', body: JSON.stringify(data) })
   },
-  exams: {
-    getAll: () => request('/exams'),
-    save: (data: any) => request('/exams', { method: 'POST', body: JSON.stringify(data) }),
-  },
-  schedules: {
-    get: (params: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/schedules?${qs}`);
-    },
-    save: (data: any) => request('/schedules', { method: 'POST', body: JSON.stringify(data) }),
-    delete: (params: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/schedules?${qs}`, { method: 'DELETE' });
-    }
+  
+  notifications: {
+    getAll: (userId: string, role: string) => request(`/notifications?userId=${userId}&role=${role}`),
   },
+
   games: {
-    grantReward: (data: any) => request('/games/grant', { method: 'POST', body: JSON.stringify(data) }),
-    getMountainSession: (className: string) => request(`/games/mountain?className=${encodeURIComponent(className)}`),
-    saveMountainSession: (data: any) => request('/games/mountain', { method: 'POST', body: JSON.stringify(data) }),
-    getLuckyConfig: (className: string, ownerId: string) => request(`/games/lucky/config?className=${encodeURIComponent(className)}&ownerId=${ownerId}`),
-    saveLuckyConfig: (data: any) => request('/games/lucky/config', { method: 'POST', body: JSON.stringify(data) }),
-    drawLucky: (studentId: string) => request('/games/lucky/draw', { method: 'POST', body: JSON.stringify({ studentId }) }),
-    getMonsterConfig: (className: string) => request(`/games/monster/config?className=${encodeURIComponent(className)}`),
-    saveMonsterConfig: (data: any) => request('/games/monster/config', { method: 'POST', body: JSON.stringify(data) }),
-    getZenConfig: (className: string) => request(`/games/zen/config?className=${encodeURIComponent(className)}`),
-    saveZenConfig: (data: any) => request('/games/zen/config', { method: 'POST', body: JSON.stringify(data) }),
-  },
-  rewards: {
-    getMyRewards: (studentId: string, page: number, pageSize: number) => request(`/rewards/my?studentId=${studentId}&page=${page}&limit=${pageSize}`),
-    getClassRewards: (page: number, pageSize: number, className: string) => request(`/rewards/class?page=${page}&limit=${pageSize}&className=${encodeURIComponent(className)}`),
-    addReward: (data: any) => request('/rewards', { method: 'POST', body: JSON.stringify(data) }),
-    redeem: (id: string) => request(`/rewards/${id}/redeem`, { method: 'POST' }),
-    update: (id: string, data: any) => request(`/rewards/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/rewards/${id}`, { method: 'DELETE' }),
+    getMountainSession: (className: string) => request(`/games/mountain?className=${className}`),
+    saveMountainSession: (data: GameSession) => request('/games/mountain', { method: 'POST', body: JSON.stringify(data) }),
+    getLuckyConfig: (className?: string, ownerId?: string) => request(`/games/lucky-config?className=${className || ''}${ownerId ? `&ownerId=${ownerId}` : ''}`),
+    saveLuckyConfig: (data: LuckyDrawConfig) => request('/games/lucky-config', { method: 'POST', body: JSON.stringify(data) }),
+    drawLucky: (studentId: string) => request('/games/lucky-draw', { method: 'POST', body: JSON.stringify({ studentId }) }),
+    grantReward: (data: { studentId: string, count: number, rewardType: string, name?: string }) => request('/games/grant-reward', { method: 'POST', body: JSON.stringify(data) }),
+    getMonsterConfig: (className: string) => request(`/games/monster-config?className=${className}`),
+    saveMonsterConfig: (data: any) => request('/games/monster-config', { method: 'POST', body: JSON.stringify(data) }),
+    getZenConfig: (className: string) => request(`/games/zen-config?className=${className}`),
+    saveZenConfig: (data: any) => request('/games/zen-config', { method: 'POST', body: JSON.stringify(data) }),
   },
+  
   achievements: {
-    getConfig: (className: string) => request(`/achievements/config?className=${encodeURIComponent(className)}`),
-    getMyRules: () => request('/achievements/my-rules'),
-    saveConfig: (data: any) => request('/achievements/config', { method: 'POST', body: JSON.stringify(data) }),
-    saveMyRules: (data: any) => request('/achievements/my-rules', { method: 'POST', body: JSON.stringify(data) }),
-    grant: (data: { studentId: string, achievementId: string, semester: string }) => request('/achievements/grant', { method: 'POST', body: JSON.stringify(data) }),
-    exchange: (data: { studentId: string, ruleId: string, teacherId?: string }) => request('/achievements/exchange', { method: 'POST', body: JSON.stringify(data) }),
-    getStudentAchievements: (studentId: string, semester: string) => request(`/achievements/student/${studentId}?semester=${encodeURIComponent(semester)}`),
-    getRulesByTeachers: (teacherIds: string[]) => request('/achievements/rules-by-teachers', { method: 'POST', body: JSON.stringify({ teacherIds }) }),
+      getConfig: (className: string) => request(`/achievements/config?className=${className}`),
+      saveConfig: (data: AchievementConfig) => request('/achievements/config', { method: 'POST', body: JSON.stringify(data) }),
+      getStudentAchievements: (studentId: string, semester?: string) => request(`/achievements/student?studentId=${studentId}${semester ? `&semester=${semester}` : ''}`),
+      grant: (data: { studentId: string, achievementId: string, semester: string }) => request('/achievements/grant', { method: 'POST', body: JSON.stringify(data) }),
+      exchange: (data: { studentId: string, ruleId: string, teacherId?: string }) => request('/achievements/exchange', { method: 'POST', body: JSON.stringify(data) }),
+      getMyRules: () => request('/achievements/teacher-rules'),
+      saveMyRules: (data: TeacherExchangeConfig) => request('/achievements/teacher-rules', { method: 'POST', body: JSON.stringify(data) }),
+      getRulesByTeachers: (teacherIds: string[]) => request(`/achievements/teacher-rules?teacherIds=${teacherIds.join(',')}`),
   },
-  attendance: {
-    get: (params: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/attendance?${qs}`);
-    },
-    checkIn: (data: { studentId: string, date: string }) => request('/attendance/checkin', { method: 'POST', body: JSON.stringify(data) }),
-    applyLeave: (data: any) => request('/attendance/leave', { method: 'POST', body: JSON.stringify(data) }),
-    batch: (data: { className: string, date: string }) => request('/attendance/batch', { method: 'POST', body: JSON.stringify(data) }),
-    update: (data: any) => request('/attendance/update', { method: 'POST', body: JSON.stringify(data) }),
+
+  rewards: {
+    getMyRewards: (studentId: string, page = 1, limit = 20) => request(`/rewards?studentId=${studentId}&page=${page}&limit=${limit}&excludeType=CONSOLATION`),
+    getClassRewards: (page = 1, limit = 20, className?: string) => {
+        let qs = `scope=class&page=${page}&limit=${limit}&excludeType=CONSOLATION`;
+        if (className) qs += `&className=${className}`;
+        return request(`/rewards?${qs}`);
+    }, 
+    addReward: (data: Partial<StudentReward>) => request('/rewards', { method: 'POST', body: JSON.stringify(data) }),
+    update: (id: string, data: Partial<StudentReward>) => request(`/rewards/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+    delete: (id: string) => request(`/rewards/${id}`, { method: 'DELETE' }),
+    redeem: (id: string) => request(`/rewards/${id}/redeem`, { method: 'POST' }),
   },
-  calendar: {
-    get: (className: string) => request(`/calendar?className=${encodeURIComponent(className)}`),
-    add: (data: any) => request('/calendar', { method: 'POST', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/calendar/${id}`, { method: 'DELETE' }),
+
+  batchDelete: (type: 'student' | 'score' | 'user', ids: string[]) => {
+    return request('/batch-delete', { method: 'POST', body: JSON.stringify({ type, ids }) });
   },
+
   wishes: {
-    getAll: (params: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/wishes?${qs}`);
-    },
-    create: (data: any) => request('/wishes', { method: 'POST', body: JSON.stringify(data) }),
-    fulfill: (id: string) => request(`/wishes/${id}/fulfill`, { method: 'POST' }),
-    randomFulfill: (teacherId: string) => request(`/wishes/random?teacherId=${teacherId}`, { method: 'POST' }),
+      getAll: (params: { teacherId?: string, studentId?: string, status?: string }) => {
+          const qs = new URLSearchParams(params as any).toString();
+          return request(`/wishes?${qs}`);
+      },
+      create: (data: Partial<Wish>) => request('/wishes', { method: 'POST', body: JSON.stringify(data) }),
+      fulfill: (id: string) => request(`/wishes/${id}/fulfill`, { method: 'POST' }),
+      randomFulfill: (teacherId: string) => request('/wishes/random-fulfill', { method: 'POST', body: JSON.stringify({ teacherId }) }),
   },
+
   feedback: {
-    getAll: (params: any) => {
-        const qs = new URLSearchParams(params).toString();
-        return request(`/feedback?${qs}`);
-    },
-    create: (data: any) => request('/feedback', { method: 'POST', body: JSON.stringify(data) }),
-    update: (id: string, data: any) => request(`/feedback/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    ignoreAll: (userId: string) => request(`/feedback/ignore-all`, { method: 'POST', body: JSON.stringify({ userId }) }),
-  },
-  todos: {
-    getAll: () => request('/todos'),
-    add: (content: string) => request('/todos', { method: 'POST', body: JSON.stringify({ content }) }),
-    update: (id: string, data: any) => request(`/todos/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-    delete: (id: string) => request(`/todos/${id}`, { method: 'DELETE' }),
+      getAll: (params: { targetId?: string, creatorId?: string, type?: string, status?: string }) => {
+          const qs = new URLSearchParams(params as any).toString();
+          return request(`/feedback?${qs}`);
+      },
+      create: (data: Partial<Feedback>) => request('/feedback', { method: 'POST', body: JSON.stringify(data) }),
+      update: (id: string, data: { status?: string, reply?: string }) => request(`/feedback/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+      ignoreAll: (targetId: string) => request('/feedback/ignore-all', { method: 'POST', body: JSON.stringify({ targetId }) }),
   },
+
   ai: {
       chat: (data: { text?: string, audio?: string, history?: { role: string, text?: string }[] }) => request('/ai/chat', { method: 'POST', body: JSON.stringify(data) }),
-      evaluate: (data: { question: string, audio?: string, images?: string[] }) => request('/ai/evaluate', { method: 'POST', body: JSON.stringify(data) }),
+      evaluate: (data: { question: string, audio?: string, image?: string }) => request('/ai/evaluate', { method: 'POST', body: JSON.stringify(data) }),
       resetPool: () => request('/ai/reset-pool', { method: 'POST' }), 
-      getStats: () => request('/ai/stats'),
-      getKey: () => request('/ai/config/key'),
+      getStats: () => request('/ai/stats'), // NEW Detailed Stats
   },
-  batchDelete: (resource: string, ids: string[]) => request(`/batch/${resource}`, { method: 'POST', body: JSON.stringify({ ids }) }),
+
+  todos: { // NEW
+      getAll: () => request('/todos'),
+      add: (content: string) => request('/todos', { method: 'POST', body: JSON.stringify({ content }) }),
+      update: (id: string, data: Partial<Todo>) => request(`/todos/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
+      delete: (id: string) => request(`/todos/${id}`, { method: 'DELETE' }),
+  }
 };