Upload folder using huggingface_hub

routes/auth.js

@@ -2,7 +2,7 @@
 const express = require('express');
 const router = express.Router();
 
-// Pre-defined users
+// Pre-defined users (legacy, kept for backwards compatibility). New code persists to MongoDB.
 const PREDEFINED_USERS = {
   'mche0278@student.monash.edu': { name: 'Michelle Chen', email: 'mche0278@student.monash.edu', role: 'student' },
   'zfan0011@student.monash.edu': { name: 'Fang Zhou', email: 'zfan0011@student.monash.edu', role: 'student' },
@@ -22,6 +22,14 @@ const PREDEFINED_USERS = {
   'hongchang.yu@monash.edu': { name: 'Tristan', email: 'hongchang.yu@monash.edu', role: 'admin' }
 };
 
+// Persistent users model
+let User;
+try {
+  User = require('../models/User');
+} catch (e) {
+  User = null;
+}
+
 // Middleware to verify token (simplified)
 const authenticateToken = (req, res, next) => {
   const authHeader = req.headers['authorization'];
@@ -91,7 +99,12 @@ router.post('/online/heartbeat', authenticateToken, async (req, res) => {
 router.post('/login', async (req, res) => {
   try {
     const { email } = req.body;
-    const user = PREDEFINED_USERS[email];
+    // Try persistent user first
+    let dbUser = null;
+    if (User && email) {
+      try { dbUser = await User.findOne({ email: String(email).toLowerCase().trim() }); } catch {}
+    }
+    const user = dbUser || PREDEFINED_USERS[email];
     if (user) {
       const token = `user_${Date.now()}`;
       // Persist an access session immediately on login
@@ -99,6 +112,16 @@ router.post('/login', async (req, res) => {
         const AccessSession = require('../models/AccessSession');
         await new AccessSession({ email: user.email, role: user.role, startAt: new Date(), lastSeen: new Date(), path: '/login' }).save();
       } catch (e) {}
+      // Upsert user into persistent store to avoid loss
+      if (User && user?.email) {
+        try {
+          await User.findOneAndUpdate(
+            { email: String(user.email).toLowerCase().trim() },
+            { $set: { name: user.name || user.displayName || '', username: (user.email || '').split('@')[0], email: String(user.email).toLowerCase().trim(), role: user.role || 'student' } },
+            { upsert: true, new: true, setDefaultsOnInsert: true }
+          );
+        } catch {}
+      }
       res.json({ success: true, token, user: { name: user.name, displayName: user.displayName || user.name, email: user.email, role: user.role } });
     } else {
       const visitorUser = { name: 'Visitor', email, role: 'visitor' };
@@ -107,6 +130,7 @@ router.post('/login', async (req, res) => {
         const AccessSession = require('../models/AccessSession');
         await new AccessSession({ email: (email || 'visitor@example.com'), role: 'visitor', startAt: new Date(), lastSeen: new Date(), path: '/login' }).save();
       } catch (e) {}
+      // Do not persist visitors by default
       res.json({ success: true, token, user: visitorUser });
     }
   } catch (error) {
@@ -130,10 +154,20 @@ router.get('/admin/users', authenticateToken, async (req, res) => {
   try {
     const now = Date.now();
     const ONLINE_WINDOW_MS = 2 * 60 * 1000; // 2 minutes
-    const users = Object.values(PREDEFINED_USERS).map(u => ({
-      ...u,
-      online: !!(ONLINE_USERS[u.email] && (now - ONLINE_USERS[u.email] < ONLINE_WINDOW_MS))
-    }));
+    let users = [];
+    if (User) {
+      try {
+        const docs = await User.find({}).select('name email role').sort({ email: 1 }).lean();
+        users = docs.map(u => ({ ...u, online: !!(ONLINE_USERS[u.email] && (now - ONLINE_USERS[u.email] < ONLINE_WINDOW_MS)) }));
+      } catch {}
+    }
+    // Fallback to predefined if DB empty
+    if (!users || users.length === 0) {
+      users = Object.values(PREDEFINED_USERS).map(u => ({
+        ...u,
+        online: !!(ONLINE_USERS[u.email] && (now - ONLINE_USERS[u.email] < ONLINE_WINDOW_MS))
+      }));
+    }
     res.json({ success: true, users });
   } catch (error) {
     console.error('Get users error:', error);
@@ -146,8 +180,19 @@ router.post('/admin/users', authenticateToken, async (req, res) => {
   try {
     const { name, email, role, displayName } = req.body || {};
     if (!email || !name) return res.status(400).json({ error: 'Name and email required' });
-    PREDEFINED_USERS[email] = { name, email, role: role || 'student', ...(displayName ? { displayName } : {}) };
-    res.json({ success: true, user: PREDEFINED_USERS[email] });
+    let saved = null;
+    if (User) {
+      try {
+        saved = await User.findOneAndUpdate(
+          { email: String(email).toLowerCase().trim() },
+          { $set: { name: name.trim(), username: String(email).split('@')[0], email: String(email).toLowerCase().trim(), role: (role || 'student').trim() } },
+          { upsert: true, new: true, setDefaultsOnInsert: true }
+        );
+      } catch {}
+    }
+    // Keep legacy map in sync (non-critical)
+    PREDEFINED_USERS[email] = { name, email: String(email).toLowerCase().trim(), role: role || 'student', ...(displayName ? { displayName } : {}) };
+    res.json({ success: true, user: saved || PREDEFINED_USERS[email] });
   } catch (error) {
     console.error('Add user error:', error);
     res.status(500).json({ error: 'Failed to add user' });
@@ -158,12 +203,24 @@ router.post('/admin/users', authenticateToken, async (req, res) => {
 router.put('/admin/users/:email', authenticateToken, async (req, res) => {
   try {
     const email = req.params.email;
-    if (!PREDEFINED_USERS[email]) return res.status(404).json({ error: 'User not found' });
     const { name, role, displayName } = req.body || {};
-    if (typeof name === 'string' && name.trim()) PREDEFINED_USERS[email].name = name.trim();
-    if (typeof role === 'string' && role.trim()) PREDEFINED_USERS[email].role = role.trim();
-    if (typeof displayName === 'string') PREDEFINED_USERS[email].displayName = displayName;
-    res.json({ success: true, user: PREDEFINED_USERS[email] });
+    let updated = null;
+    if (User) {
+      try {
+        const update = {};
+        if (typeof name === 'string' && name.trim()) update.name = name.trim();
+        if (typeof role === 'string' && role.trim()) update.role = role.trim();
+        updated = await User.findOneAndUpdate({ email: String(email).toLowerCase().trim() }, { $set: update }, { new: true });
+      } catch {}
+    }
+    // Sync legacy map as best-effort
+    if (!PREDEFINED_USERS[email]) PREDEFINED_USERS[email] = { name: name || '', email, role: role || 'student', ...(displayName ? { displayName } : {}) };
+    else {
+      if (typeof name === 'string' && name.trim()) PREDEFINED_USERS[email].name = name.trim();
+      if (typeof role === 'string' && role.trim()) PREDEFINED_USERS[email].role = role.trim();
+      if (typeof displayName === 'string') PREDEFINED_USERS[email].displayName = displayName;
+    }
+    res.json({ success: true, user: updated || PREDEFINED_USERS[email] });
   } catch (error) {
     console.error('Update user error:', error);
     res.status(500).json({ error: 'Failed to update user' });
@@ -175,8 +232,13 @@ router.get('/admin/stats', authenticateToken, async (req, res) => {
     const SourceText = require('../models/SourceText');
     const Submission = require('../models/Submission');
     const AccessSession = require('../models/AccessSession');
+    let totalUsers = 0;
+    if (User) {
+      try { totalUsers = await User.countDocuments({}); } catch {}
+    }
+    if (!totalUsers) totalUsers = Object.keys(PREDEFINED_USERS).length;
     const stats = {
-      totalUsers: Object.keys(PREDEFINED_USERS).length,
+      totalUsers,
       practiceExamples: await SourceText.countDocuments({ sourceType: 'practice' }),
       totalSubmissions: await Submission.countDocuments(),
       activeSessions: await AccessSession.countDocuments({ lastSeen: { $gte: new Date(Date.now() - 15 * 60 * 1000) } })