Update main.py

main.py

@@ -229,17 +229,36 @@ def google_signin():
         return jsonify({'error': str(e)}), 400
 
 # --- 4. ProfAI API ENDPOINTS ---
+# In main.py, replace the old get_user_courses function with this one.
+
 @app.route('/api/profai/courses', methods=['GET'])
 def get_user_courses():
     try:
-        uid = verify_token(request.headers.get('Authorization', '').split(' ')[1])
-        if not uid: return jsonify({'error': 'Unauthorized'}), 401
+        auth_header = request.headers.get('Authorization', '')
+        if not auth_header.startswith('Bearer '):
+            return jsonify({'error': 'Missing or invalid Authorization header'}), 401
+        
+        token = auth_header.split(' ')[1]
+        uid = verify_token(token)
+        if not uid: 
+            return jsonify({'error': 'Unauthorized or invalid token'}), 401
+
         courses_ref = db.reference('profai_courses')
+        
+        # This query is safe even if the path or user courses don't exist.
         user_courses = courses_ref.order_by_child('uid').equal_to(uid).get()
-        if not user_courses: return jsonify([]), 200
+        
+        # This correctly handles cases where the user has no courses.
+        if not user_courses: 
+            return jsonify([]), 200
+
+        # Convert dict to a list sorted by creation date
         courses_list = sorted(user_courses.values(), key=lambda x: x.get('createdAt', ''), reverse=True)
         return jsonify(courses_list), 200
-    except Exception as e: return jsonify({'error': str(e)}), 500
+    except Exception as e:
+        # This will now only catch truly unexpected server errors
+        logger.error(f"Error in get_user_courses: {traceback.format_exc()}")
+        return jsonify({'error': str(e)}), 500
 
 @app.route('/api/profai/start-course', methods=['POST'])
 def start_course():