comparing 57e72df2a6a17a7b9005e27a370cb0bb230dd088 and main on dunkirk.sh/thistle

+22 -17

.env.example

···

       3
       3
        
       # See README for setup instructions

     

       4
       4
        
       WHISPER_SERVICE_URL=http://localhost:8000

     

       5
       5
        
       

     

       6
       6
       -
       # LLM API Configuration (Required for VTT cleaning)

     

       6
       6
       +
       # LLM API Configuration (REQUIRED for VTT cleaning)

     

       7
       7
        
       # Configure your LLM service endpoint and credentials

     

       8
       8
       -
       LLM_API_KEY=your_api_key_here

     

       9
       9
       -
       LLM_API_BASE_URL=https://api.openai.com/v1

     

       10
       10
       -
       LLM_MODEL=gpt-4o-mini

     

       8
       8
       +
       LLM_API_KEY=paste_your_api_key_here

     

       9
       9
       +
       LLM_API_BASE_URL=https://openrouter.ai/api/v1

     

       10
       10
       +
       LLM_MODEL=moonshotai/kimi-k2-0905

     

       11
       11
        
       

     

       12
       12
        
       # WebAuthn/Passkey Configuration (Production Only)

     

       13
       13
        
       # In development, these default to localhost values

     
···

       17
       17
        
       # Must match the domain where your app is hosted

     

       18
       18
        
       # RP_ID=thistle.app

     

       19
       19
        
       

     

       20
       20
       -
       # Origin - full URL of your app

     

       20
       20
       +
       # Origin - full URL of your app (RECOMMENDED - used for email links)

     

       21
       21
        
       # Must match exactly where users access your app

     

       22
       22
       -
       # ORIGIN=https://thistle.app

     

       22
       22
       +
       # In production, set this to your public URL

     

       23
       23
       +
       ORIGIN=http://localhost:3000

     

       23
       24
        
       

     

       24
       24
       -
       # Polar.sh payment stuff

     

       25
       25
       +
       # Polar.sh Payment Configuration (REQUIRED)

     

       26
       26
       +
       # Get your organization ID from https://polar.sh/settings

     

       27
       27
       +
       POLAR_ORGANIZATION_ID=paste_your_org_id_here

     

       25
       28
        
       # Get your access token from https://polar.sh/settings (or sandbox.polar.sh for testing)

     

       26
       26
       -
       POLAR_ACCESS_TOKEN=XXX

     

       29
       29
       +
       POLAR_ACCESS_TOKEN=paste_your_polar_token_here

     

       27
       30
        
       # Get product ID from your Polar dashboard (create a product first)

     

       28
       28
       -
       POLAR_PRODUCT_ID=3f1ab9f9-d573-49d4-ac0a-a78bfb06c347

     

       31
       31
       +
       POLAR_PRODUCT_ID=paste_your_product_id_here

     

       29
       32
        
       # Redirect URL after successful checkout (use {CHECKOUT_ID} placeholder)

     

       30
       33
        
       POLAR_SUCCESS_URL=http://localhost:3000/checkout?checkout_id={CHECKOUT_ID}

     

       31
       34
        
       # Webhook secret for verifying Polar webhook signatures (get from Polar dashboard)

     

       32
       32
       -
       POLAR_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxx

     

       33
       33
       -
       

     

       34
       34
       -
       # Environment (set to 'production' in production)

     

       35
       35
       -
       NODE_ENV=development

     

       35
       35
       +
       POLAR_WEBHOOK_SECRET=paste_your_webhook_secret_here

     

       36
       36
        
       

     

       37
       37
       -
       # Email Configuration (MailChannels)

     

       37
       37
       +
       # Email Configuration (REQUIRED - MailChannels)

     

       38
       38
       +
       # API key from MailChannels dashboard

     

       39
       39
       +
       MAILCHANNELS_API_KEY=paste_your_mailchannels_api_key_here

     

       38
       40
        
       # DKIM private key for email authentication (required for sending emails)

     

       39
       41
        
       # Generate: openssl genrsa -out dkim-private.pem 2048

     

       40
       42
        
       # Then add TXT record: mailchannels._domainkey.yourdomain.com

     

       41
       41
       -
       DKIM_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY_HERE\n-----END PRIVATE KEY-----"

     

       42
       42
       -
       DKIM_DOMAIN=thistle.app

     

       43
       43
       -
       SMTP_FROM_EMAIL=noreply@thistle.app

     

       43
       43
       +
       DKIM_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nPASTE_YOUR_DKIM_PRIVATE_KEY_HERE\n-----END PRIVATE KEY-----"

     

       44
       44
       +
       DKIM_DOMAIN=yourdomain.com

     

       45
       45
       +
       SMTP_FROM_EMAIL=noreply@yourdomain.com

     

       44
       46
        
       SMTP_FROM_NAME=Thistle

     

       47
       47
       +
       

     

       48
       48
       +
       # Environment (set to 'production' in production)

     

       49
       49
       +
       NODE_ENV=development

+107

CRUSH.md

···

       688
       688
        
       **Configuration:**

     

       689
       689
        
       Set `WHISPER_SERVICE_URL` in `.env` (default: `http://localhost:8000`)

     

       690
       690
        
       

     

       691
       691
       +
       ## Issue Tracking

     

       692
       692
       +
       

     

       693
       693
       +
       This project uses [Tangled](https://tangled.org) for issue tracking via the `tangled-cli` tool.

     

       694
       694
       +
       

     

       695
       695
       +
       **Installation:**

     

       696
       696
       +
       ```bash

     

       697
       697
       +
       cargo install --git https://tangled.org/vitorpy.com/tangled-cli

     

       698
       698
       +
       ```

     

       699
       699
       +
       

     

       700
       700
       +
       **Authentication:**

     

       701
       701
       +
       ```bash

     

       702
       702
       +
       tangled-cli auth login

     

       703
       703
       +
       ```

     

       704
       704
       +
       

     

       705
       705
       +
       **Creating issues:**

     

       706
       706
       +
       ```bash

     

       707
       707
       +
       tangled-cli issue create --repo "thistle" --title "Issue title" --body "Issue description"

     

       708
       708
       +
       

     

       709
       709
       +
       # With labels (if created in the repo):

     

       710
       710
       +
       tangled-cli issue create --repo "thistle" --title "Issue title" --label "bug" --label "priority:high" --body "Issue description"

     

       711
       711
       +
       ```

     

       712
       712
       +
       

     

       713
       713
       +
       **Listing issues:**

     

       714
       714
       +
       ```bash

     

       715
       715
       +
       # List all open issues

     

       716
       716
       +
       tangled-cli issue list --repo "thistle"

     

       717
       717
       +
       

     

       718
       718
       +
       # List with specific state

     

       719
       719
       +
       tangled-cli issue list --repo "thistle" --state open

     

       720
       720
       +
       tangled-cli issue list --repo "thistle" --state closed

     

       721
       721
       +
       

     

       722
       722
       +
       # List by label

     

       723
       723
       +
       tangled-cli issue list --repo "thistle" --label "priority: low"

     

       724
       724
       +
       tangled-cli issue list --repo "thistle" --label "bug"

     

       725
       725
       +
       

     

       726
       726
       +
       # List by author

     

       727
       727
       +
       tangled-cli issue list --repo "thistle" --author "username"

     

       728
       728
       +
       

     

       729
       729
       +
       # JSON output format

     

       730
       730
       +
       tangled-cli issue list --repo "thistle" --format json

     

       731
       731
       +
       ```

     

       732
       732
       +
       

     

       733
       733
       +
       **Showing issue details:**

     

       734
       734
       +
       ```bash

     

       735
       735
       +
       # Show specific issue by ID

     

       736
       736
       +
       tangled-cli issue show <issue-id>

     

       737
       737
       +
       

     

       738
       738
       +
       # Show with comments

     

       739
       739
       +
       tangled-cli issue show <issue-id> --comments

     

       740
       740
       +
       

     

       741
       741
       +
       # JSON format

     

       742
       742
       +
       tangled-cli issue show <issue-id> --json

     

       743
       743
       +
       ```

     

       744
       744
       +
       

     

       745
       745
       +
       **Commenting on issues:**

     

       746
       746
       +
       ```bash

     

       747
       747
       +
       tangled-cli issue comment <issue-id> --body "Your comment here"

     

       748
       748
       +
       ```

     

       749
       749
       +
       

     

       750
       750
       +
       **Editing issues:**

     

       751
       751
       +
       ```bash

     

       752
       752
       +
       # Update title

     

       753
       753
       +
       tangled-cli issue edit <issue-id> --title "New title"

     

       754
       754
       +
       

     

       755
       755
       +
       # Update body

     

       756
       756
       +
       tangled-cli issue edit <issue-id> --body "New description"

     

       757
       757
       +
       

     

       758
       758
       +
       # Close an issue

     

       759
       759
       +
       tangled-cli issue edit <issue-id> --state closed

     

       760
       760
       +
       

     

       761
       761
       +
       # Reopen an issue

     

       762
       762
       +
       tangled-cli issue edit <issue-id> --state open

     

       763
       763
       +
       ```

     

       764
       764
       +
       

     

       765
       765
       +
       **Repository commands:**

     

       766
       766
       +
       ```bash

     

       767
       767
       +
       # List your repositories

     

       768
       768
       +
       tangled-cli repo list

     

       769
       769
       +
       

     

       770
       770
       +
       # Show repository details

     

       771
       771
       +
       tangled-cli repo info thistle

     

       772
       772
       +
       

     

       773
       773
       +
       # Create a new repository

     

       774
       774
       +
       tangled-cli repo create --name "repo-name" --description "Description"

     

       775
       775
       +
       ```

     

       776
       776
       +
       

     

       777
       777
       +
       **Viewing issues by priority:**

     

       778
       778
       +
       

     

       779
       779
       +
       The thistle repo uses priority labels:

     

       780
       780
       +
       - `priority: high` - Critical issues that need immediate attention

     

       781
       781
       +
       - `priority: medium` - Important issues to address soon

     

       782
       782
       +
       - `priority: low` - Nice-to-have improvements

     

       783
       783
       +
       

     

       784
       784
       +
       ```bash

     

       785
       785
       +
       # View all low priority issues

     

       786
       786
       +
       tangled-cli issue list --repo "thistle" --label "priority: low" --state open

     

       787
       787
       +
       

     

       788
       788
       +
       # View all high priority issues

     

       789
       789
       +
       tangled-cli issue list --repo "thistle" --label "priority: high" --state open

     

       790
       790
       +
       ```

     

       791
       791
       +
       

     

       792
       792
       +
       **Note:** The repo name for this project is `thistle` (resolves to `dunkirk.sh/thistle` in Tangled). Labels are supported but need to be created in the repository first.

     

       793
       793
       +
       

     

       794
       794
       +
       **Known Issues:**

     

       795
       795
       +
       - The CLI may have decoding issues with some API responses (missing `createdAt` field). If `tangled-cli issue list` fails, you can access issues via the web interface at https://tangled.org/dunkirk.sh/thistle

     

       796
       796
       +
       - For complex filtering or browsing, the web UI may be more reliable than the CLI

     

       797
       797
       +
       

     

       691
       798
        
       ## Future Additions

     

       692
       799
        
       

     

       693
       800
        
       As the codebase grows, document:

-399

index.html

···

       1
       1
       -
       <!-- vim: setlocal noexpandtab nowrap: -->

     

       2
       2
       -
       <!doctype html>

     

       3
       3
       -
       <html lang="en">

     

       4
       4
       -
       

     

       5
       5
       -
       <head>

     

       6
       6
       -
         <meta charset="UTF-8" />

     

       7
       7
       -
         <meta name="viewport" content="width=device-width, initial-scale=1.0" />

     

       8
       8
       -
         <title>C:\KIERANK.EXE - kierank.hackclub.app</title>

     

       9
       9
       -
         <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>

     

       10
       10
       -
         <style>

     

       11
       11
       -
           @import url("https://fonts.googleapis.com/css2?family=Courier+Prime:wght@400;700&display=swap");

     

       12
       12
       -
       

     

       13
       13
       -
           body {

     

       14
       14
       -
             background: #008080;

     

       15
       15
       -
             font-family: "Courier Prime", "Courier New", monospace;

     

       16
       16
       -
             color: #000000;

     

       17
       17
       -
             margin: 0;

     

       18
       18
       -
             padding: 20px;

     

       19
       19
       -
             line-height: 1.4;

     

       20
       20
       -
             font-size: 14px;

     

       21
       21
       -
           }

     

       22
       22
       -
       

     

       23
       23
       -
           .hidden {

     

       24
       24
       -
             display: none !important;

     

       25
       25
       -
           }

     

       26
       26
       -
       

     

       27
       27
       -
           .terminal {

     

       28
       28
       -
             background: #ffffff;

     

       29
       29
       -
             border: 2px solid #808080;

     

       30
       30
       -
             box-shadow:

     

       31
       31
       -
               inset -2px -2px #c0c0c0,

     

       32
       32
       -
               inset 2px 2px #404040,

     

       33
       33
       -
               4px 4px 0px #000000;

     

       34
       34
       -
             max-width: 750px;

     

       35
       35
       -
             margin: 0 auto;

     

       36
       36
       -
             padding: 0;

     

       37
       37
       -
           }

     

       38
       38
       -
       

     

       39
       39
       -
           .title-bar {

     

       40
       40
       -
             background: linear-gradient(90deg, #000080, #1084d0);

     

       41
       41
       -
             color: #ffffff;

     

       42
       42
       -
             padding: 4px 8px;

     

       43
       43
       -
             font-weight: bold;

     

       44
       44
       -
             border-bottom: 1px solid #808080;

     

       45
       45
       -
             font-size: 12px;

     

       46
       46
       -
             display: flex;

     

       47
       47
       -
             justify-content: space-between;

     

       48
       48
       -
             align-items: center;

     

       49
       49
       -
           }

     

       50
       50
       -
       

     

       51
       51
       -
           .title-buttons {

     

       52
       52
       -
             display: flex;

     

       53
       53
       -
             gap: 2px;

     

       54
       54
       -
           }

     

       55
       55
       -
       

     

       56
       56
       -
           .title-btn {

     

       57
       57
       -
             width: 16px;

     

       58
       58
       -
             height: 14px;

     

       59
       59
       -
             background: #c0c0c0;

     

       60
       60
       -
             border: 1px outset #ffffff;

     

       61
       61
       -
             font-size: 10px;

     

       62
       62
       -
             line-height: 12px;

     

       63
       63
       -
             text-align: center;

     

       64
       64
       -
             cursor: pointer;

     

       65
       65
       -
           }

     

       66
       66
       -
       

     

       67
       67
       -
           .content {

     

       68
       68
       -
             padding: 15px;

     

       69
       69
       -
             background: #ffffff;

     

       70
       70
       -
           }

     

       71
       71
       -
       

     

       72
       72
       -
           .prompt {

     

       73
       73
       -
             color: #000000;

     

       74
       74
       -
             margin: 0 0 10px 0;

     

       75
       75
       -
           }

     

       76
       76
       -
       

     

       77
       77
       -
           .cursor {

     

       78
       78
       -
             background: #000000;

     

       79
       79
       -
             color: #ffffff;

     

       80
       80
       -
             animation: blink 1s infinite;

     

       81
       81
       -
           }

     

       82
       82
       -
       

     

       83
       83
       -
           @keyframes blink {

     

       84
       84
       -
       

     

       85
       85
       -
             0%,

     

       86
       86
       -
             50% {

     

       87
       87
       -
               opacity: 1;

     

       88
       88
       -
             }

     

       89
       89
       -
       

     

       90
       90
       -
             51%,

     

       91
       91
       -
             100% {

     

       92
       92
       -
               opacity: 0;

     

       93
       93
       -
             }

     

       94
       94
       -
           }

     

       95
       95
       -
       

     

       96
       96
       -
           /* Markdown rendered content styles */

     

       97
       97
       -
           #readme-content h3 {

     

       98
       98
       -
             color: #000080;

     

       99
       99
       -
             font-size: 20px;

     

       100
       100
       -
             margin: 15px 0 10px 0;

     

       101
       101
       -
             border-bottom: 2px solid #c0c0c0;

     

       102
       102
       -
             padding-bottom: 5px;

     

       103
       103
       -
           }

     

       104
       104
       -
       

     

       105
       105
       -
           #readme-content h4 {

     

       106
       106
       -
             color: #000000;

     

       107
       107
       -
             font-size: 14px;

     

       108
       108
       -
             margin: 20px 0 8px 0;

     

       109
       109
       -
             text-transform: uppercase;

     

       110
       110
       -
             background: #c0c0c0;

     

       111
       111
       -
             padding: 4px 8px;

     

       112
       112
       -
             display: inline-block;

     

       113
       113
       -
           }

     

       114
       114
       -
       

     

       115
       115
       -
           #readme-content p {

     

       116
       116
       -
             margin: 8px 0;

     

       117
       117
       -
           }

     

       118
       118
       -
       

     

       119
       119
       -
           #readme-content ul {

     

       120
       120
       -
             margin: 8px 0;

     

       121
       121
       -
             padding-left: 20px;

     

       122
       122
       -
             list-style: none;

     

       123
       123
       -
           }

     

       124
       124
       -
       

     

       125
       125
       -
           #readme-content ul li {

     

       126
       126
       -
             margin: 6px 0;

     

       127
       127
       -
             position: relative;

     

       128
       128
       -
           }

     

       129
       129
       -
       

     

       130
       130
       -
           #readme-content ul li::before {

     

       131
       131
       -
             content: "► ";

     

       132
       132
       -
             color: #000080;

     

       133
       133
       -
           }

     

       134
       134
       -
       

     

       135
       135
       -
           #readme-content a {

     

       136
       136
       -
             color: #000080;

     

       137
       137
       -
             text-decoration: underline;

     

       138
       138
       -
           }

     

       139
       139
       -
       

     

       140
       140
       -
           #readme-content a:hover {

     

       141
       141
       -
             color: #0000ff;

     

       142
       142
       -
             background: #ffffcc;

     

       143
       143
       -
           }

     

       144
       144
       -
       

     

       145
       145
       -
           #readme-content code {

     

       146
       146
       -
             background: #000080;

     

       147
       147
       -
             color: #ffffff;

     

       148
       148
       -
             padding: 1px 4px;

     

       149
       149
       -
             font-family: "Courier Prime", "Courier New", monospace;

     

       150
       150
       -
           }

     

       151
       151
       -
       

     

       152
       152
       -
           #readme-content pre {

     

       153
       153
       -
             background: #000080;

     

       154
       154
       -
             color: #cbcbcb;

     

       155
       155
       -
             padding: 12px;

     

       156
       156
       -
             border: 2px inset #404040;

     

       157
       157
       -
             overflow-x: auto;

     

       158
       158
       -
             font-size: 12px;

     

       159
       159
       -
             line-height: 1.3;

     

       160
       160
       -
           }

     

       161
       161
       -
       

     

       162
       162
       -
           #readme-content pre code {

     

       163
       163
       -
             background: transparent;

     

       164
       164
       -
             color: inherit;

     

       165
       165
       -
             padding: 0;

     

       166
       166
       -
           }

     

       167
       167
       -
       

     

       168
       168
       -
           #readme-content strong {

     

       169
       169
       -
             color: #333333;

     

       170
       170
       -
           }

     

       171
       171
       -
       

     

       172
       172
       -
           #readme-content em {

     

       173
       173
       -
             color: #808080;

     

       174
       174
       -
             font-style: italic;

     

       175
       175
       -
           }

     

       176
       176
       -
       

     

       177
       177
       -
           .status-bar {

     

       178
       178
       -
             background: #c0c0c0;

     

       179
       179
       -
             color: #000000;

     

       180
       180
       -
             padding: 3px 8px;

     

       181
       181
       -
             border-top: 2px groove #ffffff;

     

       182
       182
       -
             font-size: 11px;

     

       183
       183
       -
             display: flex;

     

       184
       184
       -
             justify-content: space-between;

     

       185
       185
       -
           }

     

       186
       186
       -
       

     

       187
       187
       -
           .separator {

     

       188
       188
       -
             color: #808080;

     

       189
       189
       -
             margin: 15px 0;

     

       190
       190
       -
             text-align: center;

     

       191
       191
       -
           }

     

       192
       192
       -
       

     

       193
       193
       -
           .loading {

     

       194
       194
       -
             text-align: center;

     

       195
       195
       -
             padding: 20px;

     

       196
       196
       -
             color: #808080;

     

       197
       197
       -
           }

     

       198
       198
       -
       

     

       199
       199
       -
           .loading::after {

     

       200
       200
       -
             content: "";

     

       201
       201
       -
             animation: dots 1.5s steps(4, end) infinite;

     

       202
       202
       -
           }

     

       203
       203
       -
       

     

       204
       204
       -
           @keyframes dots {

     

       205
       205
       -
       

     

       206
       206
       -
             0%,

     

       207
       207
       -
             20% {

     

       208
       208
       -
               content: "";

     

       209
       209
       -
             }

     

       210
       210
       -
       

     

       211
       211
       -
             40% {

     

       212
       212
       -
               content: ".";

     

       213
       213
       -
             }

     

       214
       214
       -
       

     

       215
       215
       -
             60% {

     

       216
       216
       -
               content: "..";

     

       217
       217
       -
             }

     

       218
       218
       -
       

     

       219
       219
       -
             80%,

     

       220
       220
       -
             100% {

     

       221
       221
       -
               content: "...";

     

       222
       222
       -
             }

     

       223
       223
       -
           }

     

       224
       224
       -
       

     

       225
       225
       -
           .error-box {

     

       226
       226
       -
             background: #ff0000;

     

       227
       227
       -
             color: #ffffff;

     

       228
       228
       -
             padding: 10px;

     

       229
       229
       -
             border: 2px inset #800000;

     

       230
       230
       -
             margin: 10px 0;

     

       231
       231
       -
           }

     

       232
       232
       -
       

     

       233
       233
       -
           .ascii-header {

     

       234
       234
       -
             color: #000080;

     

       235
       235
       -
             font-size: 10px;

     

       236
       236
       -
             line-height: 1.1;

     

       237
       237
       -
             white-space: pre;

     

       238
       238
       -
             margin: 10px 0 15px 0;

     

       239
       239
       -
             text-align: center;

     

       240
       240
       -
           }

     

       241
       241
       -
         </style>

     

       242
       242
       -
       </head>

     

       243
       243
       -
       

     

       244
       244
       -
       <body>

     

       245
       245
       -
         <div class="terminal">

     

       246
       246
       -
           <div class="title-bar">

     

       247
       247
       -
             <span>C:\KIERANK.EXE - kierank.hackclub.app</span>

     

       248
       248
       -
             <div class="title-buttons">

     

       249
       249
       -
               <div class="title-btn">_</div>

     

       250
       250
       -
               <div class="title-btn">□</div>

     

       251
       251
       -
               <div class="title-btn">×</div>

     

       252
       252
       -
             </div>

     

       253
       253
       -
           </div>

     

       254
       254
       -
       

     

       255
       255
       -
           <div class="content">

     

       256
       256
       -
             <p class="prompt">

     

       257
       257
       -
               C:\KIERANK> README.EXE<span class="cursor"> </span>

     

       258
       258
       -
             </p>

     

       259
       259
       -
       

     

       260
       260
       -
             <!-- biome-ignore format: ascii art -->

     

       261
       261
       -
       			<pre class="ascii-header">

     

       262
       262
       -
       ██╗ ██╗██╗███████╗██████╗ █████╗  ███╗   ██╗

     

       263
       263
       -
       ██║ ██║██║██╔════╝██╔══██╗██╔══██╗████╗  ██║

     

       264
       264
       -
       █████╔╝██║█████╗  ██████╔╝███████║██╔██╗ ██║

     

       265
       265
       -
       ██╔═██╗██║██╔══╝  ██╔══██╗██╔══██║██║╚██╗██║

     

       266
       266
       -
       ██║ ██║██║███████╗██║  ██║██║  ██║██║ ╚████║

     

       267
       267
       -
       ╚═╝ ╚═╝╚═╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝

     

       268
       268
       -
       			</pre>

     

       269
       269
       -
       

     

       270
       270
       -
             <div class="separator">

     

       271
       271
       -
               ════════════════════════════════════════════════════

     

       272
       272
       -
             </div>

     

       273
       273
       -
       

     

       274
       274
       -
             <div id="readme-content">

     

       275
       275
       -
               <div class="loading" style="display: none">Loading README from GitHub</div>

     

       276
       276
       -
       

     

       277
       277
       -
               <noscript>

     

       278
       278
       -
                 <div class="error-box">

     

       279
       279
       -
                   JavaScript is disabled so not rendering markdown.

     

       280
       280
       -
                 </div>

     

       281
       281
       -
                 <p>

     

       282
       282
       -
                   View the README on GitHub:

     

       283
       283
       -
                   <a href="https://github.com/taciturnaxolotl/taciturnaxolotl/blob/main/README.md">

     

       284
       284
       -
                     taciturnaxolotl/README.md

     

       285
       285
       -
                   </a>

     

       286
       286
       -
                 </p>

     

       287
       287
       -
               </noscript>

     

       288
       288
       -
             </div>

     

       289
       289
       -
       

     

       290
       290
       -
             <div class="separator">

     

       291
       291
       -
               ════════════════════════════════════════════════════

     

       292
       292
       -
             </div>

     

       293
       293
       -
       

     

       294
       294
       -
             <p style="font-size: 11px; color: #808080; text-align: center">

     

       295
       295
       -
               Hosted on <a href="https://hackclub.com/nest/">Hack Club Nest</a> |

     

       296
       296
       -
               <a href="https://github.com/taciturnaxolotl">GitHub</a> |

     

       297
       297
       -
               <a href="https://dunkirk.sh">dunkirk.sh</a>

     

       298
       298
       -
             </p>

     

       299
       299
       -
           </div>

     

       300
       300
       -
       

     

       301
       301
       -
           <div class="status-bar">

     

       302
       302
       -
             <span id="status">Fetching README...</span>

     

       303
       303
       -
             <span id="time"></span>

     

       304
       304
       -
           </div>

     

       305
       305
       -
         </div>

     

       306
       306
       -
       

     

       307
       307
       -
         <script>

     

       308
       308
       -
           const README_URL =

     

       309
       309
       -
             "https://raw.githubusercontent.com/taciturnaxolotl/taciturnaxolotl/refs/heads/main/README.md"

     

       310
       310
       -
       

     

       311
       311
       -
           async function loadReadme() {

     

       312
       312
       -
             const contentDiv = document.getElementById("readme-content");

     

       313
       313
       -
             const statusSpan = document.getElementById("status");

     

       314
       314
       -
             const loadingEl = contentDiv.querySelector(".loading");

     

       315
       315
       -
       

     

       316
       316
       -
             // Show loading

     

       317
       317
       -
             if (loadingEl) loadingEl.classList.remove("hidden");

     

       318
       318
       -
       

     

       319
       319
       -
       

     

       320
       320
       -
             try {

     

       321
       321
       -
               const response = await fetch(README_URL);

     

       322
       322
       -
               if (!response.ok) {

     

       323
       323
       -
                 throw new Error(`HTTP ${response.status}`);

     

       324
       324
       -
               }

     

       325
       325
       -
       

     

       326
       326
       -
               const markdown = await response.text();

     

       327
       327
       -
       

     

       328
       328
       -
               // Configure marked for GFM

     

       329
       329
       -
               marked.setOptions({

     

       330
       330
       -
                 gfm: true,

     

       331
       331
       -
                 breaks: true,

     

       332
       332
       -
               });

     

       333
       333
       -
       

     

       334
       334
       -
               contentDiv.innerHTML = marked.parse(markdown);

     

       335
       335
       -
       

     

       336
       336
       -
               // Strip emojis from headers

     

       337
       337
       -
               contentDiv.querySelectorAll("h3, h4").forEach((header) => {

     

       338
       338
       -
                 const text = header.textContent;

     

       339
       339
       -
       

     

       340
       340
       -
                 // Regex targets:

     

       341
       341
       -
                 // - \p{Extended_Pictographic}: most modern emoji/pictographs

     

       342
       342
       -
                 // - \p{Emoji_Presentation}: characters default-rendered as emoji

     

       343
       343
       -
                 // - Variation Selector-16 (U+FE0F): emoji presentation modifier

     

       344
       344
       -
                 // - Common symbol blocks that often carry emoji-like glyphs

     

       345
       345
       -
                 const emojiRegex =

     

       346
       346
       -
                   /[\p{Extended_Pictographic}\p{Emoji_Presentation}\uFE0F]|[\u2600-\u26FF\u2700-\u27BF]/gu;

     

       347
       347
       -
       

     

       348
       348
       -
                 // Strip emojis

     

       349
       349
       -
                 let cleaned = text.replace(emojiRegex, "");

     

       350
       350
       -
       

     

       351
       351
       -
                 // Collapse multiple whitespace into single spaces

     

       352
       352
       -
                 cleaned = cleaned.replace(/\s+/g, " ");

     

       353
       353
       -
       

     

       354
       354
       -
                 // Remove spaces before punctuation (e.g., "Hello !" -> "Hello!")

     

       355
       355
       -
                 cleaned = cleaned.replace(/\s+([!?,.;:])/g, "$1");

     

       356
       356
       -
       

     

       357
       357
       -
                 // Trim leading/trailing whitespace

     

       358
       358
       -
                 cleaned = cleaned.trim();

     

       359
       359
       -
       

     

       360
       360
       -
                 // Replace header content safely

     

       361
       361
       -
                 header.textContent = cleaned;

     

       362
       362
       -
               });

     

       363
       363
       -
       

     

       364
       364
       -
               statusSpan.textContent = "README loaded successfully";

     

       365
       365
       -
             } catch (error) {

     

       366
       366
       -
               contentDiv.innerHTML = `

     

       367
       367
       -
                               <div class="error-box">

     

       368
       368
       -
                                   ERROR: Failed to load README<br>

     

       369
       369
       -
                                   ${error.message}

     

       370
       370
       -
                               </div>

     

       371
       371
       -
                               <p>Try refreshing the page or visit 

     

       372
       372
       -
                               <a href="https://github.com/taciturnaxolotl">github.com/taciturnaxolotl</a> directly.</p>

     

       373
       373
       -
                           `;

     

       374
       374
       -
               statusSpan.textContent = "Error loading README";

     

       375
       375
       -
             }

     

       376
       376
       -
           }

     

       377
       377
       -
       

     

       378
       378
       -
           function updateTime() {

     

       379
       379
       -
             const now = new Date();

     

       380
       380
       -
             const timeStr = now.toLocaleTimeString("en-US", {

     

       381
       381
       -
               hour: "2-digit",

     

       382
       382
       -
               minute: "2-digit",

     

       383
       383
       -
               hour12: true,

     

       384
       384
       -
             });

     

       385
       385
       -
             document.getElementById("time").textContent = timeStr;

     

       386
       386
       -
           }

     

       387
       387
       -
       

     

       388
       388
       -
           // Initialize

     

       389
       389
       -
           updateTime();

     

       390
       390
       -
           setInterval(updateTime, 1000);

     

       391
       391
       -
           loadReadme();

     

       392
       392
       -
         </script>

     

       393
       393
       -
       </body>

     

       394
       394
       -
       

     

       395
       395
       -
       </html>

     

       396
       396
       -
       

     

       397
       397
       -
       </html>

     

       398
       398
       -
       

     

       399
       399
       -
       </html>

+28 -28

package.json

···

       1
       1
        
       {

     

       2
       2
       -
         "name": "thistle",

     

       3
       3
       -
         "module": "src/index.ts",

     

       4
       4
       -
         "type": "module",

     

       5
       5
       -
         "private": true,

     

       6
       6
       -
         "scripts": {

     

       7
       7
       -
           "dev": "bun run src/index.ts --hot",

     

       8
       8
       -
           "clean": "rm -rf transcripts uploads thistle.db",

     

       9
       9
       -
           "test": "bun test",

     

       10
       10
       -
           "test:integration": "bun test src/index.test.ts",

     

       11
       11
       -
           "ngrok": "ngrok http 3000 --domain casual-renewing-reptile.ngrok-free.app"

     

       12
       12
       -
         },

     

       13
       13
       -
         "devDependencies": {

     

       14
       14
       -
           "@biomejs/biome": "^2.3.2",

     

       15
       15
       -
           "@simplewebauthn/types": "^12.0.0",

     

       16
       16
       -
           "@types/bun": "latest"

     

       17
       17
       -
         },

     

       18
       18
       -
         "peerDependencies": {

     

       19
       19
       -
           "typescript": "^5"

     

       20
       20
       -
         },

     

       21
       21
       -
         "dependencies": {

     

       22
       22
       -
           "@polar-sh/sdk": "^0.41.5",

     

       23
       23
       -
           "@simplewebauthn/browser": "^13.2.2",

     

       24
       24
       -
           "@simplewebauthn/server": "^13.2.2",

     

       25
       25
       -
           "eventsource-client": "^1.2.0",

     

       26
       26
       -
           "lit": "^3.3.1",

     

       27
       27
       -
           "nanoid": "^5.1.6",

     

       28
       28
       -
           "ua-parser-js": "^2.0.6"

     

       29
       29
       -
         }

     

       2
       2
       +
       	"name": "thistle",

     

       3
       3
       +
       	"module": "src/index.ts",

     

       4
       4
       +
       	"type": "module",

     

       5
       5
       +
       	"private": true,

     

       6
       6
       +
       	"scripts": {

     

       7
       7
       +
       		"dev": "bun run src/index.ts --hot",

     

       8
       8
       +
       		"clean": "rm -rf transcripts uploads thistle.db",

     

       9
       9
       +
       		"test": "NODE_ENV=test bun test",

     

       10
       10
       +
       		"test:integration": "NODE_ENV=test bun test src/index.test.ts",

     

       11
       11
       +
       		"ngrok": "ngrok http 3000 --domain casual-renewing-reptile.ngrok-free.app"

     

       12
       12
       +
       	},

     

       13
       13
       +
       	"devDependencies": {

     

       14
       14
       +
       		"@biomejs/biome": "^2.3.2",

     

       15
       15
       +
       		"@simplewebauthn/types": "^12.0.0",

     

       16
       16
       +
       		"@types/bun": "latest"

     

       17
       17
       +
       	},

     

       18
       18
       +
       	"peerDependencies": {

     

       19
       19
       +
       		"typescript": "^5"

     

       20
       20
       +
       	},

     

       21
       21
       +
       	"dependencies": {

     

       22
       22
       +
       		"@polar-sh/sdk": "^0.41.5",

     

       23
       23
       +
       		"@simplewebauthn/browser": "^13.2.2",

     

       24
       24
       +
       		"@simplewebauthn/server": "^13.2.2",

     

       25
       25
       +
       		"eventsource-client": "^1.2.0",

     

       26
       26
       +
       		"lit": "^3.3.1",

     

       27
       27
       +
       		"nanoid": "^5.1.6",

     

       28
       28
       +
       		"ua-parser-js": "^2.0.6"

     

       29
       29
       +
       	}

     

       30
       30
        
       }

+19 -1

public/favicon/site.webmanifest

···

       1
       1
       -
       {"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}
     

       1
       1
       +
       {

     

       2
       2
       +
       	"name": "",

     

       3
       3
       +
       	"short_name": "",

     

       4
       4
       +
       	"icons": [

     

       5
       5
       +
       		{

     

       6
       6
       +
       			"src": "/android-chrome-192x192.png",

     

       7
       7
       +
       			"sizes": "192x192",

     

       8
       8
       +
       			"type": "image/png"

     

       9
       9
       +
       		},

     

       10
       10
       +
       		{

     

       11
       11
       +
       			"src": "/android-chrome-512x512.png",

     

       12
       12
       +
       			"sizes": "512x512",

     

       13
       13
       +
       			"type": "image/png"

     

       14
       14
       +
       		}

     

       15
       15
       +
       	],

     

       16
       16
       +
       	"theme_color": "#ffffff",

     

       17
       17
       +
       	"background_color": "#ffffff",

     

       18
       18
       +
       	"display": "standalone"

     

       19
       19
       +
       }

+17

scripts/clear-rate-limits.ts

···

       1
       1
       +
       #!/usr/bin/env bun

     

       2
       2
       +
       

     

       3
       3
       +
       import db from "../src/db/schema";

     

       4
       4
       +
       

     

       5
       5
       +
       console.log("🧹 Clearing all rate limit attempts...");

     

       6
       6
       +
       

     

       7
       7
       +
       const result = db.run("DELETE FROM rate_limit_attempts");

     

       8
       8
       +
       

     

       9
       9
       +
       const deletedCount = result.changes;

     

       10
       10
       +
       

     

       11
       11
       +
       if (deletedCount === 0) {

     

       12
       12
       +
       	console.log("ℹ️  No rate limit attempts to clear");

     

       13
       13
       +
       } else {

     

       14
       14
       +
       	console.log(

     

       15
       15
       +
       		`✅ Successfully cleared ${deletedCount} rate limit attempt${deletedCount === 1 ? "" : "s"}`,

     

       16
       16
       +
       	);

     

       17
       17
       +
       }

+39

scripts/remove-from-classes.ts

···

       1
       1
       +
       #!/usr/bin/env bun

     

       2
       2
       +
       

     

       3
       3
       +
       import db from "../src/db/schema";

     

       4
       4
       +
       

     

       5
       5
       +
       const email = process.argv[2];

     

       6
       6
       +
       

     

       7
       7
       +
       if (!email) {

     

       8
       8
       +
       	console.error("Usage: bun scripts/remove-from-classes.ts <email>");

     

       9
       9
       +
       	console.error("  Removes a user from all their enrolled classes");

     

       10
       10
       +
       	process.exit(1);

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       const user = db

     

       14
       14
       +
       	.query<{ id: number; email: string }, [string]>(

     

       15
       15
       +
       		"SELECT id, email FROM users WHERE email = ?",

     

       16
       16
       +
       	)

     

       17
       17
       +
       	.get(email);

     

       18
       18
       +
       

     

       19
       19
       +
       if (!user) {

     

       20
       20
       +
       	console.error(`User with email ${email} not found`);

     

       21
       21
       +
       	process.exit(1);

     

       22
       22
       +
       }

     

       23
       23
       +
       

     

       24
       24
       +
       // Get current enrollments

     

       25
       25
       +
       const enrollments = db

     

       26
       26
       +
       	.query<{ class_id: string }, [number]>(

     

       27
       27
       +
       		"SELECT class_id FROM class_members WHERE user_id = ?",

     

       28
       28
       +
       	)

     

       29
       29
       +
       	.all(user.id);

     

       30
       30
       +
       

     

       31
       31
       +
       if (enrollments.length === 0) {

     

       32
       32
       +
       	console.log(`User ${email} is not enrolled in any classes`);

     

       33
       33
       +
       	process.exit(0);

     

       34
       34
       +
       }

     

       35
       35
       +
       

     

       36
       36
       +
       // Remove from all classes

     

       37
       37
       +
       db.run("DELETE FROM class_members WHERE user_id = ?", [user.id]);

     

       38
       38
       +
       

     

       39
       39
       +
       console.log(`✅ Successfully removed ${email} from ${enrollments.length} class(es)`);

+1 -1

scripts/send-test-emails.ts

···

       5
       5
        
       

     

       6
       6
        
       import { sendEmail } from "../src/lib/email";

     

       7
       7
        
       import {

     

       8
       8
       -
       	verifyEmailTemplate,

     

       9
       8
        
       	passwordResetTemplate,

     

       10
       9
        
       	transcriptionCompleteTemplate,

     

       10
       10
       +
       	verifyEmailTemplate,

     

       11
       11
        
       } from "../src/lib/email-templates";

     

       12
       12
        
       

     

       13
       13
        
       const targetEmail = process.argv[2];

+227 -21

src/components/admin-classes.ts

···

       12
       12
        
       	year: number;

     

       13
       13
        
       	archived: boolean;

     

       14
       14
        
       	created_at: number;

     

       15
       15
       +
       	student_count?: number;

     

       16
       16
       +
       	transcript_count?: number;

     

       15
       17
        
       }

     

       16
       18
        
       

     

       17
       19
        
       interface WaitlistEntry {

     
···

       38
       40
        
       	@state() activeTab: "classes" | "waitlist" = "classes";

     

       39
       41
        
       	@state() approvingEntry: WaitlistEntry | null = null;

     

       40
       42
        
       	@state() showModal = false;

     

       43
       43
       +
       	@state() showClassSettingsModal = false;

     

       44
       44
       +
       	@state() editingClassId: string | null = null;

     

       45
       45
       +
       	@state() editingClassInfo: Class | null = null;

     

       46
       46
       +
       	@state() editingClassSections: { id: string; section_number: string }[] = [];

     

       47
       47
       +
       	@state() newSectionNumber = "";

     

       41
       48
        
       	@state() meetingTimes: MeetingTime[] = [];

     

       49
       49
       +
       	@state() sections: string[] = [];

     

       42
       50
        
       	@state() editingClass = {

     

       43
       51
        
       		courseCode: "",

     

       44
       52
        
       		courseName: "",

     
···

       465
       473
        
       

     

       466
       474
        
       	override async connectedCallback() {

     

       467
       475
        
       		super.connectedCallback();

     

       468
       468
       -
       		

     

       476
       476
       +
       

     

       469
       477
        
       		// Check for subtab query parameter

     

       470
       478
        
       		const params = new URLSearchParams(window.location.search);

     

       471
       479
        
       		const subtab = params.get("subtab");

     
···

       475
       483
        
       			// Set default subtab in URL if on classes tab

     

       476
       484
        
       			this.setActiveTab(this.activeTab);

     

       477
       485
        
       		}

     

       478
       478
       -
       		

     

       486
       486
       +
       

     

       479
       487
        
       		await this.loadData();

     

       480
       488
        
       	}

     

       481
       489
        
       

     
···

       508
       516
        
       			const classesData = await classesRes.json();

     

       509
       517
        
       			const waitlistData = await waitlistRes.json();

     

       510
       518
        
       

     

       511
       511
       -
       			this.classes = classesData.classes || [];

     

       519
       519
       +
       			// Flatten grouped classes into array

     

       520
       520
       +
       			const groupedClasses = classesData.classes || {};

     

       521
       521
       +
       			this.classes = Object.values(groupedClasses).flat();

     

       512
       522
        
       			this.waitlist = waitlistData.waitlist || [];

     

       513
       523
        
       		} catch {

     

       514
       524
        
       			this.error = "Failed to load data. Please try again.";

     
···

       524
       534
        
       	private async handleToggleArchive(classId: string) {

     

       525
       535
        
       		try {

     

       526
       536
        
       			// Find the class to toggle its archived state

     

       527
       527
       -
       			const classToToggle = this.classes.find(c => c.id === classId);

     

       537
       537
       +
       			const classToToggle = this.classes.find((c) => c.id === classId);

     

       528
       538
        
       			if (!classToToggle) return;

     

       529
       539
        
       

     

       530
       540
        
       			const response = await fetch(`/api/classes/${classId}/archive`, {

     
···

       538
       548
        
       			}

     

       539
       549
        
       

     

       540
       550
        
       			// Update local state instead of reloading

     

       541
       541
       -
       			this.classes = this.classes.map(c => 

     

       542
       542
       -
       				c.id === classId ? { ...c, archived: !c.archived } : c

     

       551
       551
       +
       			this.classes = this.classes.map((c) =>

     

       552
       552
       +
       				c.id === classId ? { ...c, archived: !c.archived } : c,

     

       543
       553
        
       			);

     

       544
       554
        
       		} catch {

     

       545
       555
        
       			this.error = "Failed to update class. Please try again.";

     
···

       660
       670
        
       		this.showModal = true;

     

       661
       671
        
       	}

     

       662
       672
        
       

     

       673
       673
       +
       	private async handleEditSections(classId: string) {

     

       674
       674
       +
       		try {

     

       675
       675
       +
       			const response = await fetch(`/api/classes/${classId}`);

     

       676
       676
       +
       			if (!response.ok) throw new Error("Failed to load class");

     

       677
       677
       +
       			

     

       678
       678
       +
       			const data = await response.json();

     

       679
       679
       +
       			this.editingClassId = classId;

     

       680
       680
       +
       			this.editingClassInfo = data.class;

     

       681
       681
       +
       			this.editingClassSections = data.sections || [];

     

       682
       682
       +
       			this.newSectionNumber = "";

     

       683
       683
       +
       			this.showClassSettingsModal = true;

     

       684
       684
       +
       		} catch {

     

       685
       685
       +
       			this.error = "Failed to load class details";

     

       686
       686
       +
       		}

     

       687
       687
       +
       	}

     

       688
       688
       +
       

     

       689
       689
       +
       	private async handleAddSection() {

     

       690
       690
       +
       		if (!this.newSectionNumber.trim() || !this.editingClassId) return;

     

       691
       691
       +
       

     

       692
       692
       +
       		try {

     

       693
       693
       +
       			const response = await fetch(`/api/classes/${this.editingClassId}/sections`, {

     

       694
       694
       +
       				method: "POST",

     

       695
       695
       +
       				headers: { "Content-Type": "application/json" },

     

       696
       696
       +
       				body: JSON.stringify({ section_number: this.newSectionNumber.trim() }),

     

       697
       697
       +
       			});

     

       698
       698
       +
       

     

       699
       699
       +
       			if (!response.ok) {

     

       700
       700
       +
       				const data = await response.json();

     

       701
       701
       +
       				this.error = data.error || "Failed to add section";

     

       702
       702
       +
       				return;

     

       703
       703
       +
       			}

     

       704
       704
       +
       

     

       705
       705
       +
       			const newSection = await response.json();

     

       706
       706
       +
       			this.editingClassSections = [...this.editingClassSections, newSection];

     

       707
       707
       +
       			this.newSectionNumber = "";

     

       708
       708
       +
       		} catch {

     

       709
       709
       +
       			this.error = "Failed to add section";

     

       710
       710
       +
       		}

     

       711
       711
       +
       	}

     

       712
       712
       +
       

     

       713
       713
       +
       	private async handleDeleteSection(sectionId: string) {

     

       714
       714
       +
       		if (!this.editingClassId) return;

     

       715
       715
       +
       

     

       716
       716
       +
       		try {

     

       717
       717
       +
       			const response = await fetch(`/api/classes/${this.editingClassId}/sections/${sectionId}`, {

     

       718
       718
       +
       				method: "DELETE",

     

       719
       719
       +
       			});

     

       720
       720
       +
       

     

       721
       721
       +
       			if (!response.ok) {

     

       722
       722
       +
       				const data = await response.json();

     

       723
       723
       +
       				this.error = data.error || "Failed to delete section";

     

       724
       724
       +
       				return;

     

       725
       725
       +
       			}

     

       726
       726
       +
       

     

       727
       727
       +
       			this.editingClassSections = this.editingClassSections.filter(s => s.id !== sectionId);

     

       728
       728
       +
       		} catch {

     

       729
       729
       +
       			this.error = "Failed to delete section";

     

       730
       730
       +
       		}

     

       731
       731
       +
       	}

     

       732
       732
       +
       

     

       733
       733
       +
       	private handleCloseSectionsModal() {

     

       734
       734
       +
       		this.showClassSettingsModal = false;

     

       735
       735
       +
       		this.editingClassId = null;

     

       736
       736
       +
       		this.editingClassInfo = null;

     

       737
       737
       +
       		this.editingClassSections = [];

     

       738
       738
       +
       		this.newSectionNumber = "";

     

       739
       739
       +
       		this.loadData();

     

       740
       740
       +
       	}

     

       741
       741
       +
       

     

       742
       742
       +
       

     

       663
       743
        
       	private getFilteredClasses() {

     

       664
       744
        
       		if (!this.searchTerm) return this.classes;

     

       665
       745
        
       

     
···

       710
       790
        
       			}

     

       711
       791
        
       

     

       712
       792
        
             ${this.showModal ? this.renderApprovalModal() : ""}

     

       793
       793
       +
             ${this.showClassSettingsModal ? this.renderClassSettingsModal() : ""}

     

       713
       794
        
           `;

     

       714
       795
        
       	}

     

       715
       796
        
       

     
···

       739
       820
        
                 <div class="classes-grid">

     

       740
       821
        
                   ${filteredClasses.map(

     

       741
       822
        
       							(cls) => html`

     

       742
       742
       -
                     <div class="class-card ${cls.archived ? "archived" : ""}">

     

       823
       823
       +
                     <div 

     

       824
       824
       +
                       class="class-card ${cls.archived ? "archived" : ""}"

     

       825
       825
       +
                       @click=${() => this.handleEditSections(cls.id)}

     

       826
       826
       +
                       style="cursor: pointer;"

     

       827
       827
       +
                     >

     

       743
       828
        
                       <div class="class-header">

     

       744
       829
        
                         <div class="class-info">

     

       745
       830
        
                           <div class="course-code">${cls.course_code}</div>

     
···

       747
       832
        
                           <div class="class-meta">

     

       748
       833
        
                             <span>👤 ${cls.professor}</span>

     

       749
       834
        
                             <span>📅 ${cls.semester} ${cls.year}</span>

     

       835
       835
       +
                             <span>👥 ${cls.student_count || 0} students</span>

     

       836
       836
       +
                             <span>📄 ${cls.transcript_count || 0} transcripts</span>

     

       750
       837
        
                             ${cls.archived ? html`<span class="badge archived">Archived</span>` : ""}

     

       751
       838
        
                           </div>

     

       752
       839
        
                         </div>

     

       753
       753
       -
                         <div class="actions">

     

       754
       754
       -
                           <button

     

       755
       755
       -
                             class="btn-archive"

     

       756
       756
       -
                             @click=${() => this.handleToggleArchive(cls.id)}

     

       757
       757
       -
                           >

     

       758
       758
       -
                             ${cls.archived ? "Unarchive" : "Archive"}

     

       759
       759
       -
                           </button>

     

       760
       760
       -
                           <button

     

       761
       761
       -
                             class="btn-delete"

     

       762
       762
       -
                             @click=${() => this.handleDeleteClick(cls.id, "class")}

     

       763
       763
       -
                           >

     

       764
       764
       -
                             ${this.getDeleteButtonText(cls.id, "class")}

     

       765
       765
       -
                           </button>

     

       766
       766
       -
                         </div>

     

       767
       840
        
                       </div>

     

       768
       841
        
                     </div>

     

       769
       842
        
                   `,

     
···

       774
       847
        
           `;

     

       775
       848
        
       	}

     

       776
       849
        
       

     

       850
       850
       +
       	private renderClassSettingsModal() {

     

       851
       851
       +
       		if (!this.showClassSettingsModal || !this.editingClassInfo) return html``;

     

       852
       852
       +
       

     

       853
       853
       +
       		return html`

     

       854
       854
       +
             <div class="modal-overlay" @click=${this.handleCloseSectionsModal}>

     

       855
       855
       +
               <div class="modal" @click=${(e: Event) => e.stopPropagation()} style="max-width: 48rem;">

     

       856
       856
       +
                 <div class="modal-header">

     

       857
       857
       +
                   <h2 class="modal-title">${this.editingClassInfo.course_code} - ${this.editingClassInfo.name}</h2>

     

       858
       858
       +
                   <button class="close-btn" @click=${this.handleCloseSectionsModal} type="button">×</button>

     

       859
       859
       +
                 </div>

     

       860
       860
       +
       

     

       861
       861
       +
                 <div class="tabs" style="margin-bottom: 1.5rem;">

     

       862
       862
       +
                   <div style="display: flex; gap: 0.5rem; border-bottom: 2px solid var(--secondary);">

     

       863
       863
       +
                     <button

     

       864
       864
       +
                       style="padding: 0.75rem 1.5rem; background: transparent; color: var(--primary); border: none; border-bottom: 2px solid var(--primary); font-weight: 600; cursor: pointer; margin-bottom: -2px;"

     

       865
       865
       +
                     >

     

       866
       866
       +
                       Sections

     

       867
       867
       +
                     </button>

     

       868
       868
       +
                   </div>

     

       869
       869
       +
                 </div>

     

       870
       870
       +
       

     

       871
       871
       +
                 <!-- Sections Tab -->

     

       872
       872
       +
                 <div style="margin-bottom: 1.5rem;">

     

       873
       873
       +
                   <h3 style="margin-bottom: 1rem; color: var(--text);">Manage Sections</h3>

     

       874
       874
       +
                   

     

       875
       875
       +
                   <div style="display: flex; gap: 0.75rem; margin-bottom: 1rem;">

     

       876
       876
       +
                     <input

     

       877
       877
       +
                       type="text"

     

       878
       878
       +
                       placeholder="Section number (e.g., 01, 02, A, B)"

     

       879
       879
       +
                       .value=${this.newSectionNumber}

     

       880
       880
       +
                       @input=${(e: Event) => {

     

       881
       881
       +
       									this.newSectionNumber = (e.target as HTMLInputElement).value;

     

       882
       882
       +
       								}}

     

       883
       883
       +
                       @keypress=${(e: KeyboardEvent) => {

     

       884
       884
       +
       									if (e.key === "Enter") {

     

       885
       885
       +
       										e.preventDefault();

     

       886
       886
       +
       										this.handleAddSection();

     

       887
       887
       +
       									}

     

       888
       888
       +
       								}}

     

       889
       889
       +
                       style="flex: 1; padding: 0.75rem; border: 2px solid var(--secondary); border-radius: 6px; font-size: 1rem; background: var(--background); color: var(--text);"

     

       890
       890
       +
                     />

     

       891
       891
       +
                     <button

     

       892
       892
       +
                       @click=${this.handleAddSection}

     

       893
       893
       +
                       ?disabled=${!this.newSectionNumber.trim()}

     

       894
       894
       +
                       style="padding: 0.75rem 1.5rem; background: var(--primary); color: white; border: 2px solid var(--primary); border-radius: 6px; font-weight: 500; cursor: pointer; white-space: nowrap;"

     

       895
       895
       +
                     >

     

       896
       896
       +
                       Add Section

     

       897
       897
       +
                     </button>

     

       898
       898
       +
                   </div>

     

       899
       899
       +
       

     

       900
       900
       +
                   ${

     

       901
       901
       +
       							this.editingClassSections.length === 0

     

       902
       902
       +
       								? html`<p style="color: var(--paynes-gray); text-align: center; padding: 2rem;">No sections yet. Add one above.</p>`

     

       903
       903
       +
       								: html`

     

       904
       904
       +
                       <div style="display: flex; flex-direction: column; gap: 0.5rem;">

     

       905
       905
       +
                         ${this.editingClassSections.map(

     

       906
       906
       +
       										(section) => html`

     

       907
       907
       +
                           <div style="display: flex; justify-content: space-between; align-items: center; padding: 0.75rem; background: color-mix(in srgb, var(--secondary) 30%, transparent); border-radius: 6px;">

     

       908
       908
       +
                             <span style="font-weight: 500;">Section ${section.section_number}</span>

     

       909
       909
       +
                             <button

     

       910
       910
       +
                               @click=${(e: Event) => {

     

       911
       911
       +
       													e.stopPropagation();

     

       912
       912
       +
       													this.handleDeleteSection(section.id);

     

       913
       913
       +
       												}}

     

       914
       914
       +
                               style="padding: 0.5rem 1rem; background: transparent; color: red; border: 2px solid red; border-radius: 4px; font-size: 0.875rem; cursor: pointer;"

     

       915
       915
       +
                             >

     

       916
       916
       +
                               Delete

     

       917
       917
       +
                             </button>

     

       918
       918
       +
                           </div>

     

       919
       919
       +
                         `,

     

       920
       920
       +
       									)}

     

       921
       921
       +
                       </div>

     

       922
       922
       +
                     `

     

       923
       923
       +
       						}

     

       924
       924
       +
                 </div>

     

       925
       925
       +
       

     

       926
       926
       +
                 <!-- Actions -->

     

       927
       927
       +
                 <div style="display: flex; gap: 0.75rem; justify-content: space-between; padding-top: 1.5rem; border-top: 2px solid var(--secondary);">

     

       928
       928
       +
                   <div style="display: flex; gap: 0.75rem;">

     

       929
       929
       +
                     <button

     

       930
       930
       +
                       @click=${(e: Event) => {

     

       931
       931
       +
       									e.stopPropagation();

     

       932
       932
       +
       									this.handleToggleArchive(this.editingClassId!);

     

       933
       933
       +
       									this.handleCloseSectionsModal();

     

       934
       934
       +
       								}}

     

       935
       935
       +
                       style="padding: 0.75rem 1.5rem; background: transparent; color: var(--primary); border: 2px solid var(--primary); border-radius: 6px; font-weight: 500; cursor: pointer;"

     

       936
       936
       +
                     >

     

       937
       937
       +
                       ${this.editingClassInfo.archived ? "Unarchive" : "Archive"} Class

     

       938
       938
       +
                     </button>

     

       939
       939
       +
                     <button

     

       940
       940
       +
                       @click=${(e: Event) => {

     

       941
       941
       +
       									e.stopPropagation();

     

       942
       942
       +
       									this.handleDeleteClick(this.editingClassId!, "class");

     

       943
       943
       +
       								}}

     

       944
       944
       +
                       style="padding: 0.75rem 1.5rem; background: transparent; color: red; border: 2px solid red; border-radius: 6px; font-weight: 500; cursor: pointer;"

     

       945
       945
       +
                     >

     

       946
       946
       +
                       ${this.getDeleteButtonText(this.editingClassId!, "class")}

     

       947
       947
       +
                     </button>

     

       948
       948
       +
                   </div>

     

       949
       949
       +
                   <button

     

       950
       950
       +
                     @click=${this.handleCloseSectionsModal}

     

       951
       951
       +
                     style="padding: 0.75rem 1.5rem; background: var(--primary); color: white; border: 2px solid var(--primary); border-radius: 6px; font-weight: 500; cursor: pointer;"

     

       952
       952
       +
                   >

     

       953
       953
       +
                     Done

     

       954
       954
       +
                   </button>

     

       955
       955
       +
                 </div>

     

       956
       956
       +
       

     

       957
       957
       +
                 ${this.error ? html`<div style="color: red; margin-top: 1rem; padding: 0.75rem; background: color-mix(in srgb, red 10%, transparent); border-radius: 6px;">${this.error}</div>` : ""}

     

       958
       958
       +
               </div>

     

       959
       959
       +
             </div>

     

       960
       960
       +
           `;

     

       961
       961
       +
       	}

     

       962
       962
       +
       

     

       777
       963
        
       	private renderWaitlist() {

     

       778
       964
        
       		return html`

     

       779
       965
        
             ${

     
···

       859
       1045
        
       		this.meetingTimes = e.detail;

     

       860
       1046
        
       	}

     

       861
       1047
        
       

     

       1048
       1048
       +
       	private handleSectionsChange(e: Event) {

     

       1049
       1049
       +
       		const value = (e.target as HTMLInputElement).value;

     

       1050
       1050
       +
       		this.sections = value

     

       1051
       1051
       +
       			.split(",")

     

       1052
       1052
       +
       			.map((s) => s.trim())

     

       1053
       1053
       +
       			.filter((s) => s);

     

       1054
       1054
       +
       	}

     

       1055
       1055
       +
       

     

       862
       1056
        
       	private handleClassFieldInput(field: string, e: Event) {

     

       863
       1057
        
       		const value = (e.target as HTMLInputElement | HTMLSelectElement).value;

     

       864
       1058
        
       		this.editingClass = { ...this.editingClass, [field]: value };

     
···

       868
       1062
        
       		this.showModal = false;

     

       869
       1063
        
       		this.approvingEntry = null;

     

       870
       1064
        
       		this.meetingTimes = [];

     

       1065
       1065
       +
       		this.sections = [];

     

       871
       1066
        
       		this.editingClass = {

     

       872
       1067
        
       			courseCode: "",

     

       873
       1068
        
       			courseName: "",

     
···

       897
       1092
        
       					semester: this.editingClass.semester,

     

       898
       1093
        
       					year: this.editingClass.year,

     

       899
       1094
        
       					meeting_times: labels,

     

       1095
       1095
       +
       					sections: this.sections.length > 0 ? this.sections : undefined,

     

       900
       1096
        
       				}),

     

       901
       1097
        
       			});

     

       902
       1098
        
       

     
···

       1012
       1208
        
                       .value=${this.meetingTimes}

     

       1013
       1209
        
                       @change=${this.handleMeetingTimesChange}

     

       1014
       1210
        
                     ></meeting-time-picker>

     

       1211
       1211
       +
                   </div>

     

       1212
       1212
       +
                   <div class="form-group form-group-full">

     

       1213
       1213
       +
                     <label>Sections (optional)</label>

     

       1214
       1214
       +
                     <input

     

       1215
       1215
       +
                       type="text"

     

       1216
       1216
       +
                       placeholder="e.g., 01, 02, 03 or A, B, C"

     

       1217
       1217
       +
                       .value=${this.sections.join(", ")}

     

       1218
       1218
       +
                       @input=${this.handleSectionsChange}

     

       1219
       1219
       +
                     />

     

       1220
       1220
       +
                     <div class="help-text">Comma-separated list of section numbers. Leave blank if no sections.</div>

     

       1015
       1221
        
                   </div>

     

       1016
       1222
        
                 </div>

     

       1017
       1223

+19 -10

src/components/admin-pending-recordings.ts

···

       246
       246
        
       		this.isLoading = true;

     

       247
       247
        
       		this.error = null;

     

       248
       248
        
       

     

       249
       249
       -
       			try {

     

       250
       250
       -
       				// Get all classes with their transcriptions

     

       251
       251
       -
       				const response = await fetch("/api/classes");

     

       252
       252
       -
       				if (!response.ok) {

     

       253
       253
       -
       					const data = await response.json();

     

       254
       254
       -
       					throw new Error(data.error || "Failed to load classes");

     

       255
       255
       -
       				}

     

       249
       249
       +
       		try {

     

       250
       250
       +
       			// Get all classes with their transcriptions

     

       251
       251
       +
       			const response = await fetch("/api/classes");

     

       252
       252
       +
       			if (!response.ok) {

     

       253
       253
       +
       				const data = await response.json();

     

       254
       254
       +
       				throw new Error(data.error || "Failed to load classes");

     

       255
       255
       +
       			}

     

       256
       256
        
       

     

       257
       257
        
       			const data = await response.json();

     

       258
       258
        
       			const classesGrouped = data.classes || {};

     
···

       317
       317
        
       

     

       318
       318
        
       			this.recordings = pendingRecordings;

     

       319
       319
        
       		} catch (err) {

     

       320
       320
       -
       			this.error = err instanceof Error ? err.message : "Failed to load pending recordings. Please try again.";

     

       320
       320
       +
       			this.error =

     

       321
       321
       +
       				err instanceof Error

     

       322
       322
       +
       					? err.message

     

       323
       323
       +
       					: "Failed to load pending recordings. Please try again.";

     

       321
       324
        
       		} finally {

     

       322
       325
        
       			this.isLoading = false;

     

       323
       326
        
       		}

     
···

       338
       341
        
       			// Reload recordings

     

       339
       342
        
       			await this.loadRecordings();

     

       340
       343
        
       		} catch (err) {

     

       341
       341
       -
       			this.error = err instanceof Error ? err.message : "Failed to approve recording. Please try again.";

     

       344
       344
       +
       			this.error =

     

       345
       345
       +
       				err instanceof Error

     

       346
       346
       +
       					? err.message

     

       347
       347
       +
       					: "Failed to approve recording. Please try again.";

     

       342
       348
        
       		}

     

       343
       349
        
       	}

     

       344
       350
        
       

     
···

       365
       371
        
       			// Reload recordings

     

       366
       372
        
       			await this.loadRecordings();

     

       367
       373
        
       		} catch (err) {

     

       368
       368
       -
       			this.error = err instanceof Error ? err.message : "Failed to delete recording. Please try again.";

     

       374
       374
       +
       			this.error =

     

       375
       375
       +
       				err instanceof Error

     

       376
       376
       +
       					? err.message

     

       377
       377
       +
       					: "Failed to delete recording. Please try again.";

     

       369
       378
        
       		}

     

       370
       379
        
       	}

     

       371
       380

+10 -3

src/components/admin-transcriptions.ts

···

       194
       194
        
       				throw new Error(data.error || "Failed to load transcriptions");

     

       195
       195
        
       			}

     

       196
       196
        
       

     

       197
       197
       -
       			this.transcriptions = await response.json();

     

       197
       197
       +
       			const result = await response.json();

     

       198
       198
       +
       			this.transcriptions = result.data || result;

     

       198
       199
        
       		} catch (err) {

     

       199
       199
       -
       			this.error = err instanceof Error ? err.message : "Failed to load transcriptions. Please try again.";

     

       200
       200
       +
       			this.error =

     

       201
       201
       +
       				err instanceof Error

     

       202
       202
       +
       					? err.message

     

       203
       203
       +
       					: "Failed to load transcriptions. Please try again.";

     

       200
       204
        
       		} finally {

     

       201
       205
        
       			this.isLoading = false;

     

       202
       206
        
       		}

     
···

       228
       232
        
       			await this.loadTranscriptions();

     

       229
       233
        
       			this.dispatchEvent(new CustomEvent("transcription-deleted"));

     

       230
       234
        
       		} catch (err) {

     

       231
       231
       -
       			this.error = err instanceof Error ? err.message : "Failed to delete transcription. Please try again.";

     

       235
       235
       +
       			this.error =

     

       236
       236
       +
       				err instanceof Error

     

       237
       237
       +
       					? err.message

     

       238
       238
       +
       					: "Failed to delete transcription. Please try again.";

     

       232
       239
        
       		}

     

       233
       240
        
       	}

     

       234
       241

+66 -31

src/components/admin-users.ts

···

       324
       324
        
       				throw new Error(data.error || "Failed to load users");

     

       325
       325
        
       			}

     

       326
       326
        
       

     

       327
       327
       -
       			this.users = await response.json();

     

       327
       327
       +
       			const result = await response.json();

     

       328
       328
       +
       			this.users = result.data || result;

     

       328
       329
        
       		} catch (err) {

     

       329
       329
       -
       			this.error = err instanceof Error ? err.message : "Failed to load users. Please try again.";

     

       330
       330
       +
       			this.error =

     

       331
       331
       +
       				err instanceof Error

     

       332
       332
       +
       					? err.message

     

       333
       333
       +
       					: "Failed to load users. Please try again.";

     

       330
       334
        
       		} finally {

     

       331
       335
        
       			this.isLoading = false;

     

       332
       336
        
       		}

     
···

       389
       393
        
       				await this.loadUsers();

     

       390
       394
        
       			}

     

       391
       395
        
       		} catch (err) {

     

       392
       392
       -
       			this.error = err instanceof Error ? err.message : "Failed to update user role";

     

       396
       396
       +
       			this.error =

     

       397
       397
       +
       				err instanceof Error ? err.message : "Failed to update user role";

     

       393
       398
        
       			select.value = oldRole;

     

       394
       399
        
       		}

     

       395
       400
        
       	}

     
···

       460
       465
        
       			}

     

       461
       466
        
       

     

       462
       467
        
       			// Remove user from local array instead of reloading

     

       463
       463
       -
       			this.users = this.users.filter(u => u.id !== userId);

     

       468
       468
       +
       			this.users = this.users.filter((u) => u.id !== userId);

     

       464
       469
        
       			this.dispatchEvent(new CustomEvent("user-deleted"));

     

       465
       470
        
       		} catch (err) {

     

       466
       466
       -
       			this.error = err instanceof Error ? err.message : "Failed to delete user. Please try again.";

     

       471
       471
       +
       			this.error =

     

       472
       472
       +
       				err instanceof Error

     

       473
       473
       +
       					? err.message

     

       474
       474
       +
       					: "Failed to delete user. Please try again.";

     

       467
       475
        
       		}

     

       468
       476
        
       	}

     

       469
       477
        
       

     

       470
       470
       -
       	private handleRevokeClick(userId: number, email: string, subscriptionId: string, event: Event) {

     

       478
       478
       +
       	private handleRevokeClick(

     

       479
       479
       +
       		userId: number,

     

       480
       480
       +
       		email: string,

     

       481
       481
       +
       		subscriptionId: string,

     

       482
       482
       +
       		event: Event,

     

       483
       483
       +
       	) {

     

       471
       484
        
       		event.stopPropagation();

     

       472
       485
        
       

     

       473
       486
        
       		// If this is a different item or timeout expired, reset

     
···

       510
       523
        
       			this.deleteState = null;

     

       511
       524
        
       		}, 1000);

     

       512
       525
        
       

     

       513
       513
       -
       		this.deleteState = { id: userId, type: "revoke", clicks: newClicks, timeout };

     

       526
       526
       +
       		this.deleteState = {

     

       527
       527
       +
       			id: userId,

     

       528
       528
       +
       			type: "revoke",

     

       529
       529
       +
       			clicks: newClicks,

     

       530
       530
       +
       			timeout,

     

       531
       531
       +
       		};

     

       514
       532
        
       	}

     

       515
       533
        
       

     

       516
       516
       -
       	private async performRevokeSubscription(userId: number, _email: string, subscriptionId: string) {

     

       534
       534
       +
       	private async performRevokeSubscription(

     

       535
       535
       +
       		userId: number,

     

       536
       536
       +
       		_email: string,

     

       537
       537
       +
       		subscriptionId: string,

     

       538
       538
       +
       	) {

     

       517
       539
        
       		this.revokingSubscriptions.add(userId);

     

       518
       540
        
       		this.requestUpdate();

     

       519
       541
        
       		this.error = null;

     
···

       532
       554
        
       

     

       533
       555
        
       			await this.loadUsers();

     

       534
       556
        
       		} catch (err) {

     

       535
       535
       -
       			this.error = err instanceof Error ? err.message : "Failed to revoke subscription";

     

       557
       557
       +
       			this.error =

     

       558
       558
       +
       				err instanceof Error ? err.message : "Failed to revoke subscription";

     

       536
       559
        
       			this.revokingSubscriptions.delete(userId);

     

       537
       560
        
       		}

     

       538
       561
        
       	}

     
···

       591
       614
        
       		if (userId === 0) {

     

       592
       615
        
       			return;

     

       593
       616
        
       		}

     

       594
       594
       -
       		

     

       617
       617
       +
       

     

       595
       618
        
       		// Don't open modal if clicking on delete button, revoke button, sync button, or role select

     

       596
       619
        
       		if (

     

       597
       620
        
       			(event.target as HTMLElement).closest(".delete-btn") ||

     
···

       616
       639
        
       

     

       617
       640
        
       	private get filteredUsers() {

     

       618
       641
        
       		const query = this.searchQuery.toLowerCase();

     

       619
       619
       -
       		

     

       642
       642
       +
       

     

       620
       643
        
       		// Filter users based on search query

     

       621
       644
        
       		let filtered = this.users.filter(

     

       622
       645
        
       			(u) =>

     

       623
       646
        
       				u.email.toLowerCase().includes(query) ||

     

       624
       647
        
       				u.name?.toLowerCase().includes(query),

     

       625
       648
        
       		);

     

       626
       626
       -
       		

     

       649
       649
       +
       

     

       627
       650
        
       		// Hide ghost user unless specifically searched for

     

       628
       628
       -
       		if (!query.includes("deleted") && !query.includes("ghost") && !query.includes("system")) {

     

       629
       629
       -
       			filtered = filtered.filter(u => u.id !== 0);

     

       651
       651
       +
       		if (

     

       652
       652
       +
       			!query.includes("deleted") &&

     

       653
       653
       +
       			!query.includes("ghost") &&

     

       654
       654
       +
       			!query.includes("system")

     

       655
       655
       +
       		) {

     

       656
       656
       +
       			filtered = filtered.filter((u) => u.id !== 0);

     

       630
       657
        
       		}

     

       631
       631
       -
       		

     

       658
       658
       +
       

     

       632
       659
        
       		return filtered;

     

       633
       660
        
       	}

     

       634
       661
        
       

     
···

       666
       693
        
                 <div class="users-grid">

     

       667
       694
        
                   ${filtered.map(

     

       668
       695
        
       							(u) => html`

     

       669
       669
       -
                     <div class="user-card ${u.id === 0 ? 'system' : ''}" @click=${(e: Event) => this.handleCardClick(u.id, e)}>

     

       696
       696
       +
                     <div class="user-card ${u.id === 0 ? "system" : ""}" @click=${(e: Event) => this.handleCardClick(u.id, e)}>

     

       670
       697
        
                       <div class="card-header">

     

       671
       698
        
                         <div class="user-info">

     

       672
       699
        
                           <img

     
···

       679
       706
        
                             <div class="user-email">${u.email}</div>

     

       680
       707
        
                           </div>

     

       681
       708
        
                         </div>

     

       682
       682
       -
                         ${u.id === 0 

     

       683
       683
       -
                           ? html`<span class="system-badge">System</span>` 

     

       684
       684
       -
                           : u.role === "admin" 

     

       685
       685
       -
                             ? html`<span class="admin-badge">Admin</span>` 

     

       686
       686
       -
                             : ""

     

       687
       687
       -
                         }

     

       709
       709
       +
                         ${

     

       710
       710
       +
       										u.id === 0

     

       711
       711
       +
       											? html`<span class="system-badge">System</span>`

     

       712
       712
       +
       											: u.role === "admin"

     

       713
       713
       +
       												? html`<span class="admin-badge">Admin</span>`

     

       714
       714
       +
       												: ""

     

       715
       715
       +
       									}

     

       688
       716
        
                       </div>

     

       689
       717
        
       

     

       690
       718
        
                       <div class="meta-row">

     
···

       695
       723
        
                         <div class="meta-item">

     

       696
       724
        
                           <div class="meta-label">Subscription</div>

     

       697
       725
        
                           <div class="meta-value">

     

       698
       698
       -
                             ${u.subscription_status 

     

       699
       699
       -
                               ? html`<span class="subscription-badge ${u.subscription_status.toLowerCase()}">${u.subscription_status}</span>` 

     

       700
       700
       -
                               : html`<span class="subscription-badge none">None</span>`

     

       701
       701
       -
                             }

     

       726
       726
       +
                             ${

     

       727
       727
       +
       												u.subscription_status

     

       728
       728
       +
       													? html`<span class="subscription-badge ${u.subscription_status.toLowerCase()}">${u.subscription_status}</span>`

     

       729
       729
       +
       													: html`<span class="subscription-badge none">None</span>`

     

       730
       730
       +
       											}

     

       702
       731
        
                           </div>

     

       703
       732
        
                         </div>

     

       704
       733
        
                         <div class="meta-item">

     
···

       716
       745
        
                       </div>

     

       717
       746
        
       

     

       718
       747
        
                       <div class="actions">

     

       719
       719
       -
                         ${u.id === 0 

     

       720
       720
       -
                           ? html`<div style="color: var(--paynes-gray); font-size: 0.875rem; padding: 0.5rem;">System account cannot be modified</div>`

     

       721
       721
       -
                           : html`

     

       748
       748
       +
                         ${

     

       749
       749
       +
       										u.id === 0

     

       750
       750
       +
       											? html`<div style="color: var(--paynes-gray); font-size: 0.875rem; padding: 0.5rem;">System account cannot be modified</div>`

     

       751
       751
       +
       											: html`

     

       722
       752
        
                             <select

     

       723
       753
        
                               class="role-select"

     

       724
       754
        
                               .value=${u.role}

     
···

       740
       770
        
                               ?disabled=${!u.subscription_status || !u.subscription_id || this.revokingSubscriptions.has(u.id)}

     

       741
       771
        
                               @click=${(e: Event) => {

     

       742
       772
        
       													if (u.subscription_id) {

     

       743
       743
       -
       														this.handleRevokeClick(u.id, u.email, u.subscription_id, e);

     

       773
       773
       +
       														this.handleRevokeClick(

     

       774
       774
       +
       															u.id,

     

       775
       775
       +
       															u.email,

     

       776
       776
       +
       															u.subscription_id,

     

       777
       777
       +
       															e,

     

       778
       778
       +
       														);

     

       744
       779
        
       													}

     

       745
       780
        
       												}}

     

       746
       781
        
                             >

     
···

       750
       785
        
                               ${this.getDeleteButtonText(u.id, "user")}

     

       751
       786
        
                             </button>

     

       752
       787
        
                           `

     

       753
       753
       -
                         }

     

       788
       788
       +
       									}

     

       754
       789
        
                       </div>

     

       755
       790
        
                     </div>

     

       756
       791
        
                   `,

+10 -10

src/components/auth.ts

···

       440
       440
        
       				}

     

       441
       441
        
       

     

       442
       442
        
       				const data = await response.json();

     

       443
       443
       -
       				

     

       443
       443
       +
       

     

       444
       444
        
       				if (data.email_verification_required) {

     

       445
       445
        
       					this.needsEmailVerification = true;

     

       446
       446
        
       					this.password = "";

     
···

       478
       478
        
       				}

     

       479
       479
        
       

     

       480
       480
        
       				const data = await response.json();

     

       481
       481
       -
       				

     

       481
       481
       +
       

     

       482
       482
        
       				if (data.email_verification_required) {

     

       483
       483
        
       					this.needsEmailVerification = true;

     

       484
       484
        
       					this.password = "";

     
···

       608
       608
        
       	private startResendTimer(sentAtTimestamp: number) {

     

       609
       609
        
       		// Use provided timestamp

     

       610
       610
        
       		this.codeSentAt = sentAtTimestamp;

     

       611
       611
       -
       		

     

       611
       611
       +
       

     

       612
       612
        
       		// Clear existing interval if any

     

       613
       613
        
       		if (this.resendInterval !== null) {

     

       614
       614
        
       			clearInterval(this.resendInterval);

     

       615
       615
        
       		}

     

       616
       616
       -
       		

     

       616
       616
       +
       

     

       617
       617
        
       		// Update timer based on elapsed time

     

       618
       618
        
       		const updateTimer = () => {

     

       619
       619
        
       			if (this.codeSentAt === null) return;

     

       620
       620
       -
       			

     

       620
       620
       +
       

     

       621
       621
        
       			const now = Math.floor(Date.now() / 1000);

     

       622
       622
        
       			const elapsed = now - this.codeSentAt;

     

       623
       623
       -
       			const remaining = Math.max(0, (5 * 60) - elapsed);

     

       623
       623
       +
       			const remaining = Math.max(0, 5 * 60 - elapsed);

     

       624
       624
        
       			this.resendCodeTimer = remaining;

     

       625
       625
       -
       			

     

       625
       625
       +
       

     

       626
       626
        
       			if (remaining <= 0) {

     

       627
       627
        
       				if (this.resendInterval !== null) {

     

       628
       628
        
       					clearInterval(this.resendInterval);

     
···

       630
       630
        
       				}

     

       631
       631
        
       			}

     

       632
       632
        
       		};

     

       633
       633
       -
       		

     

       633
       633
       +
       

     

       634
       634
        
       		// Update immediately

     

       635
       635
        
       		updateTimer();

     

       636
       636
       -
       		

     

       636
       636
       +
       

     

       637
       637
        
       		// Then update every second

     

       638
       638
        
       		this.resendInterval = window.setInterval(updateTimer, 1000);

     

       639
       639
        
       	}

     
···

       671
       671
        
       	private formatTimer(seconds: number): string {

     

       672
       672
        
       		const mins = Math.floor(seconds / 60);

     

       673
       673
        
       		const secs = seconds % 60;

     

       674
       674
       -
       		return `${mins}:${secs.toString().padStart(2, '0')}`;

     

       674
       674
       +
       		return `${mins}:${secs.toString().padStart(2, "0")}`;

     

       675
       675
        
       	}

     

       676
       676
        
       

     

       677
       677
        
       	override disconnectedCallback() {

+123 -13

src/components/class-view.ts

···

       2
       2
        
       import { customElement, state } from "lit/decorators.js";

     

       3
       3
        
       import "./upload-recording-modal.ts";

     

       4
       4
        
       import "./vtt-viewer.ts";

     

       5
       5
       +
       import "./pending-recordings-view.ts";

     

       5
       6
        
       

     

       6
       7
        
       interface Class {

     

       7
       8
        
       	id: string;

     
···

       24
       25
        
       	id: string;

     

       25
       26
        
       	user_id: number;

     

       26
       27
        
       	meeting_time_id: string | null;

     

       28
       28
       +
       	section_id: string | null;

     

       27
       29
        
       	filename: string;

     

       28
       30
        
       	original_filename: string;

     

       29
       31
        
       	status:

     
···

       42
       44
        
       	audioUrl?: string;

     

       43
       45
        
       }

     

       44
       46
        
       

     

       47
       47
       +
       interface ClassSection {

     

       48
       48
       +
       	id: string;

     

       49
       49
       +
       	section_number: string;

     

       50
       50
       +
       }

     

       51
       51
       +
       

     

       45
       52
        
       @customElement("class-view")

     

       46
       53
        
       export class ClassView extends LitElement {

     

       47
       54
        
       	@state() classId = "";

     

       48
       55
        
       	@state() classInfo: Class | null = null;

     

       49
       56
        
       	@state() meetingTimes: MeetingTime[] = [];

     

       57
       57
       +
       	@state() sections: ClassSection[] = [];

     

       58
       58
       +
       	@state() userSection: string | null = null;

     

       59
       59
       +
       	@state() selectedSectionFilter: string | null = null;

     

       50
       60
        
       	@state() transcriptions: Transcription[] = [];

     

       51
       61
        
       	@state() isLoading = true;

     

       52
       62
        
       	@state() error: string | null = null;

     
···

       363
       373
        
       			const data = await response.json();

     

       364
       374
        
       			this.classInfo = data.class;

     

       365
       375
        
       			this.meetingTimes = data.meetingTimes || [];

     

       376
       376
       +
       			this.sections = data.sections || [];

     

       377
       377
       +
       			this.userSection = data.userSection || null;

     

       366
       378
        
       			this.transcriptions = data.transcriptions || [];

     

       379
       379
       +
       

     

       380
       380
       +
       			// Default to user's section for filtering

     

       381
       381
       +
       			if (this.userSection && !this.selectedSectionFilter) {

     

       382
       382
       +
       				this.selectedSectionFilter = this.userSection;

     

       383
       383
       +
       			}

     

       367
       384
        
       

     

       368
       385
        
       			// Load VTT for completed transcriptions

     

       369
       386
        
       			await this.loadVTTForCompleted();

     
···

       450
       467
        
       	}

     

       451
       468
        
       

     

       452
       469
        
       	private get filteredTranscriptions() {

     

       453
       453
       -
       		if (!this.searchQuery) return this.transcriptions;

     

       470
       470
       +
       		let filtered = this.transcriptions;

     

       454
       471
        
       

     

       455
       455
       -
       		const query = this.searchQuery.toLowerCase();

     

       456
       456
       -
       		return this.transcriptions.filter((t) =>

     

       457
       457
       -
       			t.original_filename.toLowerCase().includes(query),

     

       458
       458
       -
       		);

     

       472
       472
       +
       		// Filter by selected section (or user's section by default)

     

       473
       473
       +
       		const sectionFilter = this.selectedSectionFilter || this.userSection;

     

       474
       474
       +
       		

     

       475
       475
       +
       		// Only filter by section if:

     

       476
       476
       +
       		// 1. There are sections in the class

     

       477
       477
       +
       		// 2. User has a section OR has selected one

     

       478
       478
       +
       		if (this.sections.length > 0 && sectionFilter) {

     

       479
       479
       +
       			// For admins: show all transcriptions

     

       480
       480
       +
       			// For users: show their section + transcriptions with no section (legacy/unassigned)

     

       481
       481
       +
       			if (!this.isAdmin) {

     

       482
       482
       +
       				filtered = filtered.filter(

     

       483
       483
       +
       					(t) => t.section_id === sectionFilter || t.section_id === null,

     

       484
       484
       +
       				);

     

       485
       485
       +
       			}

     

       486
       486
       +
       		}

     

       487
       487
       +
       

     

       488
       488
       +
       		// Filter by search query

     

       489
       489
       +
       		if (this.searchQuery) {

     

       490
       490
       +
       			const query = this.searchQuery.toLowerCase();

     

       491
       491
       +
       			filtered = filtered.filter((t) =>

     

       492
       492
       +
       				t.original_filename.toLowerCase().includes(query),

     

       493
       493
       +
       			);

     

       494
       494
       +
       		}

     

       495
       495
       +
       

     

       496
       496
       +
       		// Exclude pending recordings (they're shown in the voting section)

     

       497
       497
       +
       		filtered = filtered.filter((t) => t.status !== "pending");

     

       498
       498
       +
       

     

       499
       499
       +
       		return filtered;

     

       459
       500
        
       	}

     

       460
       501
        
       

     

       461
       502
        
       	private formatDate(timestamp: number): string {

     
···

       521
       562
        
                   <div class="course-code">${this.classInfo.course_code}</div>

     

       522
       563
        
                   <h1>${this.classInfo.name}</h1>

     

       523
       564
        
                   <div class="professor">Professor: ${this.classInfo.professor}</div>

     

       524
       524
       -
                   <div class="semester">${this.classInfo.semester} ${this.classInfo.year}</div>

     

       565
       565
       +
                   <div class="semester">

     

       566
       566
       +
                     ${this.classInfo.semester} ${this.classInfo.year}

     

       567
       567
       +
                     ${

     

       568
       568
       +
       								this.userSection

     

       569
       569
       +
       									? ` • Section ${this.sections.find((s) => s.id === this.userSection)?.section_number || ""}`

     

       570
       570
       +
       									: ""

     

       571
       571
       +
       							}

     

       572
       572
       +
                   </div>

     

       525
       573
        
                 </div>

     

       526
       574
        
               </div>

     

       527
       575
        
       

     
···

       538
       586
        
       						: ""

     

       539
       587
        
       				}

     

       540
       588
        
       

     

       541
       541
       -
               ${!canAccessTranscriptions ? html`

     

       589
       589
       +
               ${

     

       590
       590
       +
       					!canAccessTranscriptions

     

       591
       591
       +
       						? html`

     

       542
       592
        
                 <div style="background: color-mix(in srgb, var(--accent) 10%, transparent); border: 1px solid var(--accent); border-radius: 8px; padding: 1.5rem; margin: 2rem 0; text-align: center;">

     

       543
       593
        
                   <h3 style="margin: 0 0 0.5rem 0; color: var(--text);">Subscribe to Access Recordings</h3>

     

       544
       594
        
                   <p style="margin: 0 0 1rem 0; color: var(--text); opacity: 0.8;">You need an active subscription to upload and view transcriptions.</p>

     

       545
       595
        
                   <a href="/settings?tab=billing" style="display: inline-block; padding: 0.75rem 1.5rem; background: var(--accent); color: white; text-decoration: none; border-radius: 8px; font-weight: 600; transition: opacity 0.2s;">Subscribe Now</a>

     

       546
       596
        
                 </div>

     

       547
       547
       -
               ` : html`

     

       597
       597
       +
               `

     

       598
       598
       +
       						: html`

     

       548
       599
        
               <div class="search-upload">

     

       600
       600
       +
                 ${

     

       601
       601
       +
       						this.sections.length > 1

     

       602
       602
       +
       							? html`

     

       603
       603
       +
                     <select

     

       604
       604
       +
                       style="padding: 0.5rem 0.75rem; border: 1px solid var(--secondary); border-radius: 4px; font-size: 0.875rem; color: var(--text); background: var(--background);"

     

       605
       605
       +
                       @change=${(e: Event) => {

     

       606
       606
       +
       									this.selectedSectionFilter =

     

       607
       607
       +
       										(e.target as HTMLSelectElement).value || null;

     

       608
       608
       +
       								}}

     

       609
       609
       +
                       .value=${this.selectedSectionFilter || ""}

     

       610
       610
       +
                     >

     

       611
       611
       +
                       ${this.sections.map(

     

       612
       612
       +
       									(s) =>

     

       613
       613
       +
       										html`<option value=${s.id} ?selected=${s.id === this.selectedSectionFilter}>${s.section_number}</option>`,

     

       614
       614
       +
       								)}

     

       615
       615
       +
                     </select>

     

       616
       616
       +
                   `

     

       617
       617
       +
       							: ""

     

       618
       618
       +
       					}

     

       549
       619
        
                 <input

     

       550
       620
        
                   type="text"

     

       551
       621
        
                   class="search-box"

     
···

       564
       634
        
                 </button>

     

       565
       635
        
               </div>

     

       566
       636
        
       

     

       637
       637
       +
               <!-- Pending Recordings for Voting -->

     

       638
       638
       +
               ${

     

       639
       639
       +
       					this.meetingTimes.map((meeting) => {

     

       640
       640
       +
       						// Apply section filtering to pending recordings

     

       641
       641
       +
       						const sectionFilter = this.selectedSectionFilter || this.userSection;

     

       642
       642
       +
       						

     

       643
       643
       +
       						const pendingCount = this.transcriptions.filter((t) => {

     

       644
       644
       +
       							if (t.meeting_time_id !== meeting.id || t.status !== "pending") {

     

       645
       645
       +
       								return false;

     

       646
       646
       +
       							}

     

       647
       647
       +
       							

     

       648
       648
       +
       							// Filter by section if applicable

     

       649
       649
       +
       							if (this.sections.length > 0 && sectionFilter) {

     

       650
       650
       +
       								// Show recordings from user's section or no section (unassigned)

     

       651
       651
       +
       								return t.section_id === sectionFilter || t.section_id === null;

     

       652
       652
       +
       							}

     

       653
       653
       +
       							

     

       654
       654
       +
       							return true;

     

       655
       655
       +
       						}).length;

     

       656
       656
       +
       

     

       657
       657
       +
       						// Only show if there are pending recordings

     

       658
       658
       +
       						if (pendingCount === 0) return "";

     

       659
       659
       +
       

     

       660
       660
       +
       						return html`

     

       661
       661
       +
                   <div style="margin-bottom: 2rem;">

     

       662
       662
       +
                     <pending-recordings-view

     

       663
       663
       +
                       .classId=${this.classId}

     

       664
       664
       +
                       .meetingTimeId=${meeting.id}

     

       665
       665
       +
                       .meetingTimeLabel=${meeting.label}

     

       666
       666
       +
                       .sectionId=${sectionFilter}

     

       667
       667
       +
                     ></pending-recordings-view>

     

       668
       668
       +
                   </div>

     

       669
       669
       +
                 `;

     

       670
       670
       +
       					})

     

       671
       671
       +
       				}

     

       672
       672
       +
       

     

       673
       673
       +
               <!-- Completed/Processing Transcriptions -->

     

       567
       674
        
               ${

     

       568
       675
        
       					this.filteredTranscriptions.length === 0

     

       569
       676
        
       						? html`

     
···

       572
       679
        
                 <p>${this.searchQuery ? "Try a different search term" : "Upload a recording to get started!"}</p>

     

       573
       680
        
               </div>

     

       574
       681
        
             `

     

       575
       575
       -
       					: html`

     

       682
       682
       +
       						: html`

     

       576
       683
        
               ${this.filteredTranscriptions.map(

     

       577
       577
       -
       						(t) => html`

     

       684
       684
       +
       					(t) => html`

     

       578
       685
        
                 <div class="transcription-card">

     

       579
       686
        
                   <div class="transcription-header">

     

       580
       687
        
                     <div>

     
···

       617
       724
        
                   ${t.error_message ? html`<div class="error">${t.error_message}</div>` : ""}

     

       618
       725
        
                 </div>

     

       619
       726
        
               `,

     

       620
       620
       -
       					)}

     

       727
       727
       +
       				)}

     

       621
       728
        
             `

     

       622
       622
       -
       			}

     

       623
       623
       -
               `}

     

       729
       729
       +
       				}

     

       730
       730
       +
               `

     

       731
       731
       +
       				}

     

       624
       732
        
             </div>

     

       625
       733
        
       

     

       626
       734
        
             <upload-recording-modal

     

       627
       735
        
               ?open=${this.uploadModalOpen}

     

       628
       736
        
               .classId=${this.classId}

     

       629
       737
        
               .meetingTimes=${this.meetingTimes.map((m) => ({ id: m.id, label: m.label }))}

     

       738
       738
       +
               .sections=${this.sections}

     

       739
       739
       +
               .userSection=${this.userSection}

     

       630
       740
        
               @close=${this.handleModalClose}

     

       631
       741
        
               @upload-success=${this.handleUploadSuccess}

     

       632
       742
        
             ></upload-recording-modal>

src/components/classes-overview.ts

···

       232
       232
        
       	}

     

       233
       233
        
       

     

       234
       234
        
       	private async handleClassJoined() {

     

       235
       235
       +
       		this.showRegistrationModal = false;

     

       235
       236
        
       		await this.loadClasses();

     

       236
       237
        
       	}

     

       237
       238

+436

src/components/pending-recordings-view.ts

···

       1
       1
       +
       import { css, html, LitElement } from "lit";

     

       2
       2
       +
       import { customElement, property, state } from "lit/decorators.js";

     

       3
       3
       +
       

     

       4
       4
       +
       interface PendingRecording {

     

       5
       5
       +
       	id: string;

     

       6
       6
       +
       	user_id: number;

     

       7
       7
       +
       	filename: string;

     

       8
       8
       +
       	original_filename: string;

     

       9
       9
       +
       	vote_count: number;

     

       10
       10
       +
       	created_at: number;

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       interface RecordingsData {

     

       14
       14
       +
       	recordings: PendingRecording[];

     

       15
       15
       +
       	total_users: number;

     

       16
       16
       +
       	user_vote: string | null;

     

       17
       17
       +
       	vote_threshold: number;

     

       18
       18
       +
       	winning_recording_id: string | null;

     

       19
       19
       +
       }

     

       20
       20
       +
       

     

       21
       21
       +
       @customElement("pending-recordings-view")

     

       22
       22
       +
       export class PendingRecordingsView extends LitElement {

     

       23
       23
       +
       	@property({ type: String }) classId = "";

     

       24
       24
       +
       	@property({ type: String }) meetingTimeId = "";

     

       25
       25
       +
       	@property({ type: String }) meetingTimeLabel = "";

     

       26
       26
       +
       	@property({ type: String }) sectionId: string | null = null;

     

       27
       27
       +
       

     

       28
       28
       +
       	@state() private recordings: PendingRecording[] = [];

     

       29
       29
       +
       	@state() private userVote: string | null = null;

     

       30
       30
       +
       	@state() private voteThreshold = 0;

     

       31
       31
       +
       	@state() private winningRecordingId: string | null = null;

     

       32
       32
       +
       	@state() private error: string | null = null;

     

       33
       33
       +
       	@state() private timeRemaining = "";

     

       34
       34
       +
       

     

       35
       35
       +
       	private refreshInterval?: number;

     

       36
       36
       +
       	private loadingInProgress = false;

     

       37
       37
       +
       

     

       38
       38
       +
       	static override styles = css`

     

       39
       39
       +
           :host {

     

       40
       40
       +
             display: block;

     

       41
       41
       +
             padding: 1rem;

     

       42
       42
       +
           }

     

       43
       43
       +
       

     

       44
       44
       +
           .container {

     

       45
       45
       +
             max-width: 56rem;

     

       46
       46
       +
             margin: 0 auto;

     

       47
       47
       +
           }

     

       48
       48
       +
       

     

       49
       49
       +
           h2 {

     

       50
       50
       +
             color: var(--text);

     

       51
       51
       +
             margin-bottom: 0.5rem;

     

       52
       52
       +
           }

     

       53
       53
       +
       

     

       54
       54
       +
           .info {

     

       55
       55
       +
             color: var(--paynes-gray);

     

       56
       56
       +
             font-size: 0.875rem;

     

       57
       57
       +
             margin-bottom: 1.5rem;

     

       58
       58
       +
           }

     

       59
       59
       +
       

     

       60
       60
       +
           .stats {

     

       61
       61
       +
             display: flex;

     

       62
       62
       +
             gap: 2rem;

     

       63
       63
       +
             margin-bottom: 1.5rem;

     

       64
       64
       +
             padding: 1rem;

     

       65
       65
       +
             background: color-mix(in srgb, var(--primary) 5%, transparent);

     

       66
       66
       +
             border-radius: 8px;

     

       67
       67
       +
           }

     

       68
       68
       +
       

     

       69
       69
       +
           .stat {

     

       70
       70
       +
             display: flex;

     

       71
       71
       +
             flex-direction: column;

     

       72
       72
       +
             gap: 0.25rem;

     

       73
       73
       +
           }

     

       74
       74
       +
       

     

       75
       75
       +
           .stat-label {

     

       76
       76
       +
             font-size: 0.75rem;

     

       77
       77
       +
             color: var(--paynes-gray);

     

       78
       78
       +
             text-transform: uppercase;

     

       79
       79
       +
             letter-spacing: 0.05em;

     

       80
       80
       +
           }

     

       81
       81
       +
       

     

       82
       82
       +
           .stat-value {

     

       83
       83
       +
             font-size: 1.5rem;

     

       84
       84
       +
             font-weight: 600;

     

       85
       85
       +
             color: var(--text);

     

       86
       86
       +
           }

     

       87
       87
       +
       

     

       88
       88
       +
           .recordings-list {

     

       89
       89
       +
             display: flex;

     

       90
       90
       +
             flex-direction: column;

     

       91
       91
       +
             gap: 1rem;

     

       92
       92
       +
           }

     

       93
       93
       +
       

     

       94
       94
       +
           .recording-card {

     

       95
       95
       +
             border: 2px solid var(--secondary);

     

       96
       96
       +
             border-radius: 8px;

     

       97
       97
       +
             padding: 1rem;

     

       98
       98
       +
             transition: all 0.2s;

     

       99
       99
       +
           }

     

       100
       100
       +
       

     

       101
       101
       +
           .recording-card.voted {

     

       102
       102
       +
             border-color: var(--accent);

     

       103
       103
       +
             background: color-mix(in srgb, var(--accent) 5%, transparent);

     

       104
       104
       +
           }

     

       105
       105
       +
       

     

       106
       106
       +
           .recording-card.winning {

     

       107
       107
       +
             border-color: var(--accent);

     

       108
       108
       +
             background: color-mix(in srgb, var(--accent) 10%, transparent);

     

       109
       109
       +
           }

     

       110
       110
       +
       

     

       111
       111
       +
           .recording-header {

     

       112
       112
       +
             display: flex;

     

       113
       113
       +
             justify-content: space-between;

     

       114
       114
       +
             align-items: center;

     

       115
       115
       +
             margin-bottom: 0.75rem;

     

       116
       116
       +
           }

     

       117
       117
       +
       

     

       118
       118
       +
           .recording-info {

     

       119
       119
       +
             flex: 1;

     

       120
       120
       +
           }

     

       121
       121
       +
       

     

       122
       122
       +
           .recording-name {

     

       123
       123
       +
             font-weight: 600;

     

       124
       124
       +
             color: var(--text);

     

       125
       125
       +
             margin-bottom: 0.25rem;

     

       126
       126
       +
           }

     

       127
       127
       +
       

     

       128
       128
       +
           .recording-meta {

     

       129
       129
       +
             font-size: 0.75rem;

     

       130
       130
       +
             color: var(--paynes-gray);

     

       131
       131
       +
           }

     

       132
       132
       +
       

     

       133
       133
       +
           .vote-section {

     

       134
       134
       +
             display: flex;

     

       135
       135
       +
             align-items: center;

     

       136
       136
       +
             gap: 1rem;

     

       137
       137
       +
           }

     

       138
       138
       +
       

     

       139
       139
       +
           .vote-count {

     

       140
       140
       +
             font-size: 1.25rem;

     

       141
       141
       +
             font-weight: 600;

     

       142
       142
       +
             color: var(--accent);

     

       143
       143
       +
             min-width: 3rem;

     

       144
       144
       +
             text-align: center;

     

       145
       145
       +
           }

     

       146
       146
       +
       

     

       147
       147
       +
           .vote-button {

     

       148
       148
       +
             padding: 0.5rem 1rem;

     

       149
       149
       +
             border-radius: 6px;

     

       150
       150
       +
             font-size: 0.875rem;

     

       151
       151
       +
             font-weight: 500;

     

       152
       152
       +
             cursor: pointer;

     

       153
       153
       +
             transition: all 0.2s;

     

       154
       154
       +
             border: 2px solid var(--secondary);

     

       155
       155
       +
             background: var(--background);

     

       156
       156
       +
             color: var(--text);

     

       157
       157
       +
           }

     

       158
       158
       +
       

     

       159
       159
       +
           .vote-button:hover:not(:disabled) {

     

       160
       160
       +
             border-color: var(--accent);

     

       161
       161
       +
             background: color-mix(in srgb, var(--accent) 10%, transparent);

     

       162
       162
       +
           }

     

       163
       163
       +
       

     

       164
       164
       +
           .vote-button.voted {

     

       165
       165
       +
             border-color: var(--accent);

     

       166
       166
       +
             background: var(--accent);

     

       167
       167
       +
             color: var(--white);

     

       168
       168
       +
           }

     

       169
       169
       +
       

     

       170
       170
       +
           .vote-button:disabled {

     

       171
       171
       +
             opacity: 0.5;

     

       172
       172
       +
             cursor: not-allowed;

     

       173
       173
       +
           }

     

       174
       174
       +
       

     

       175
       175
       +
           .delete-button {

     

       176
       176
       +
             padding: 0.5rem;

     

       177
       177
       +
             border: none;

     

       178
       178
       +
             background: transparent;

     

       179
       179
       +
             color: var(--paynes-gray);

     

       180
       180
       +
             cursor: pointer;

     

       181
       181
       +
             border-radius: 4px;

     

       182
       182
       +
             transition: all 0.2s;

     

       183
       183
       +
           }

     

       184
       184
       +
       

     

       185
       185
       +
           .delete-button:hover {

     

       186
       186
       +
             background: color-mix(in srgb, red 10%, transparent);

     

       187
       187
       +
             color: red;

     

       188
       188
       +
           }

     

       189
       189
       +
       

     

       190
       190
       +
           .winning-badge {

     

       191
       191
       +
             background: var(--accent);

     

       192
       192
       +
             color: var(--white);

     

       193
       193
       +
             padding: 0.25rem 0.75rem;

     

       194
       194
       +
             border-radius: 12px;

     

       195
       195
       +
             font-size: 0.75rem;

     

       196
       196
       +
             font-weight: 600;

     

       197
       197
       +
           }

     

       198
       198
       +
       

     

       199
       199
       +
           .error {

     

       200
       200
       +
             background: color-mix(in srgb, red 10%, transparent);

     

       201
       201
       +
             border: 1px solid red;

     

       202
       202
       +
             color: red;

     

       203
       203
       +
             padding: 0.75rem;

     

       204
       204
       +
             border-radius: 4px;

     

       205
       205
       +
             margin-bottom: 1rem;

     

       206
       206
       +
             font-size: 0.875rem;

     

       207
       207
       +
           }

     

       208
       208
       +
       

     

       209
       209
       +
           .empty-state {

     

       210
       210
       +
             text-align: center;

     

       211
       211
       +
             padding: 3rem 1rem;

     

       212
       212
       +
             color: var(--paynes-gray);

     

       213
       213
       +
           }

     

       214
       214
       +
       

     

       215
       215
       +
           .audio-player {

     

       216
       216
       +
             margin-top: 0.75rem;

     

       217
       217
       +
           }

     

       218
       218
       +
       

     

       219
       219
       +
           audio {

     

       220
       220
       +
             width: 100%;

     

       221
       221
       +
             height: 2.5rem;

     

       222
       222
       +
           }

     

       223
       223
       +
         `;

     

       224
       224
       +
       

     

       225
       225
       +
       	override connectedCallback() {

     

       226
       226
       +
       		super.connectedCallback();

     

       227
       227
       +
       		this.loadRecordings();

     

       228
       228
       +
       		// Refresh every 10 seconds

     

       229
       229
       +
       		this.refreshInterval = setInterval(() => this.loadRecordings(), 10000);

     

       230
       230
       +
       	}

     

       231
       231
       +
       

     

       232
       232
       +
       	override disconnectedCallback() {

     

       233
       233
       +
       		super.disconnectedCallback();

     

       234
       234
       +
       		if (this.refreshInterval) {

     

       235
       235
       +
       			clearInterval(this.refreshInterval);

     

       236
       236
       +
       		}

     

       237
       237
       +
       	}

     

       238
       238
       +
       

     

       239
       239
       +
       	private async loadRecordings() {

     

       240
       240
       +
       		if (this.loadingInProgress) return;

     

       241
       241
       +
       

     

       242
       242
       +
       		this.loadingInProgress = true;

     

       243
       243
       +
       

     

       244
       244
       +
       		try {

     

       245
       245
       +
       			// Build URL with optional section_id parameter

     

       246
       246
       +
       			const url = new URL(

     

       247
       247
       +
       				`/api/classes/${this.classId}/meetings/${this.meetingTimeId}/recordings`,

     

       248
       248
       +
       				window.location.origin,

     

       249
       249
       +
       			);

     

       250
       250
       +
       			if (this.sectionId !== null) {

     

       251
       251
       +
       				url.searchParams.set("section_id", this.sectionId);

     

       252
       252
       +
       			}

     

       253
       253
       +
       

     

       254
       254
       +
       			const response = await fetch(url.toString());

     

       255
       255
       +
       

     

       256
       256
       +
       			if (!response.ok) {

     

       257
       257
       +
       				throw new Error("Failed to load recordings");

     

       258
       258
       +
       			}

     

       259
       259
       +
       

     

       260
       260
       +
       			const data: RecordingsData = await response.json();

     

       261
       261
       +
       			this.recordings = data.recordings;

     

       262
       262
       +
       			this.userVote = data.user_vote;

     

       263
       263
       +
       			this.voteThreshold = data.vote_threshold;

     

       264
       264
       +
       			this.winningRecordingId = data.winning_recording_id;

     

       265
       265
       +
       

     

       266
       266
       +
       			// Calculate time remaining for first recording

     

       267
       267
       +
       			if (this.recordings.length > 0 && this.recordings[0]) {

     

       268
       268
       +
       				const uploadedAt = this.recordings[0].created_at;

     

       269
       269
       +
       				const now = Date.now() / 1000;

     

       270
       270
       +
       				const elapsed = now - uploadedAt;

     

       271
       271
       +
       				const remaining = 30 * 60 - elapsed; // 30 minutes

     

       272
       272
       +
       

     

       273
       273
       +
       				if (remaining > 0) {

     

       274
       274
       +
       					const minutes = Math.floor(remaining / 60);

     

       275
       275
       +
       					const seconds = Math.floor(remaining % 60);

     

       276
       276
       +
       					this.timeRemaining = `${minutes}:${seconds.toString().padStart(2, "0")}`;

     

       277
       277
       +
       				} else {

     

       278
       278
       +
       					this.timeRemaining = "Auto-submitting...";

     

       279
       279
       +
       				}

     

       280
       280
       +
       			}

     

       281
       281
       +
       

     

       282
       282
       +
       			this.error = null;

     

       283
       283
       +
       		} catch (error) {

     

       284
       284
       +
       			this.error =

     

       285
       285
       +
       				error instanceof Error ? error.message : "Failed to load recordings";

     

       286
       286
       +
       		} finally {

     

       287
       287
       +
       			this.loadingInProgress = false;

     

       288
       288
       +
       		}

     

       289
       289
       +
       	}

     

       290
       290
       +
       

     

       291
       291
       +
       	private async handleVote(recordingId: string) {

     

       292
       292
       +
       		try {

     

       293
       293
       +
       			const response = await fetch(`/api/recordings/${recordingId}/vote`, {

     

       294
       294
       +
       				method: "POST",

     

       295
       295
       +
       			});

     

       296
       296
       +
       

     

       297
       297
       +
       			if (!response.ok) {

     

       298
       298
       +
       				throw new Error("Failed to vote");

     

       299
       299
       +
       			}

     

       300
       300
       +
       

     

       301
       301
       +
       			const data = await response.json();

     

       302
       302
       +
       

     

       303
       303
       +
       			// If a winner was selected, reload the page to show it in transcriptions

     

       304
       304
       +
       			if (data.winning_recording_id) {

     

       305
       305
       +
       				window.location.reload();

     

       306
       306
       +
       			} else {

     

       307
       307
       +
       				// Just reload recordings to show updated votes

     

       308
       308
       +
       				await this.loadRecordings();

     

       309
       309
       +
       			}

     

       310
       310
       +
       		} catch (error) {

     

       311
       311
       +
       			this.error =

     

       312
       312
       +
       				error instanceof Error ? error.message : "Failed to vote";

     

       313
       313
       +
       		}

     

       314
       314
       +
       	}

     

       315
       315
       +
       

     

       316
       316
       +
       	private async handleDelete(recordingId: string) {

     

       317
       317
       +
       		if (!confirm("Delete this recording?")) {

     

       318
       318
       +
       			return;

     

       319
       319
       +
       		}

     

       320
       320
       +
       

     

       321
       321
       +
       		try {

     

       322
       322
       +
       			const response = await fetch(`/api/recordings/${recordingId}`, {

     

       323
       323
       +
       				method: "DELETE",

     

       324
       324
       +
       			});

     

       325
       325
       +
       

     

       326
       326
       +
       			if (!response.ok) {

     

       327
       327
       +
       				throw new Error("Failed to delete recording");

     

       328
       328
       +
       			}

     

       329
       329
       +
       

     

       330
       330
       +
       			await this.loadRecordings();

     

       331
       331
       +
       		} catch (error) {

     

       332
       332
       +
       			this.error =

     

       333
       333
       +
       				error instanceof Error ? error.message : "Failed to delete recording";

     

       334
       334
       +
       		}

     

       335
       335
       +
       	}

     

       336
       336
       +
       

     

       337
       337
       +
       	private formatTimeAgo(timestamp: number): string {

     

       338
       338
       +
       		const now = Date.now() / 1000;

     

       339
       339
       +
       		const diff = now - timestamp;

     

       340
       340
       +
       

     

       341
       341
       +
       		if (diff < 60) return "just now";

     

       342
       342
       +
       		if (diff < 3600) return `${Math.floor(diff / 60)}m ago`;

     

       343
       343
       +
       		if (diff < 86400) return `${Math.floor(diff / 3600)}h ago`;

     

       344
       344
       +
       		return `${Math.floor(diff / 86400)}d ago`;

     

       345
       345
       +
       	}

     

       346
       346
       +
       

     

       347
       347
       +
       	override render() {

     

       348
       348
       +
       		return html`

     

       349
       349
       +
             <div class="container">

     

       350
       350
       +
               <h2>Pending Recordings - ${this.meetingTimeLabel}</h2>

     

       351
       351
       +
               <p class="info">

     

       352
       352
       +
                 Vote for the best quality recording. The winner will be automatically transcribed when 40% of class votes or after 30 minutes.

     

       353
       353
       +
               </p>

     

       354
       354
       +
       

     

       355
       355
       +
               ${this.error ? html`<div class="error">${this.error}</div>` : ""}

     

       356
       356
       +
       

     

       357
       357
       +
               ${

     

       358
       358
       +
       					this.recordings.length > 0

     

       359
       359
       +
       						? html`

     

       360
       360
       +
                   <div class="stats">

     

       361
       361
       +
                     <div class="stat">

     

       362
       362
       +
                       <div class="stat-label">Recordings</div>

     

       363
       363
       +
                       <div class="stat-value">${this.recordings.length}</div>

     

       364
       364
       +
                     </div>

     

       365
       365
       +
                     <div class="stat">

     

       366
       366
       +
                       <div class="stat-label">Vote Threshold</div>

     

       367
       367
       +
                       <div class="stat-value">${this.voteThreshold} votes</div>

     

       368
       368
       +
                     </div>

     

       369
       369
       +
                     <div class="stat">

     

       370
       370
       +
                       <div class="stat-label">Time Remaining</div>

     

       371
       371
       +
                       <div class="stat-value">${this.timeRemaining}</div>

     

       372
       372
       +
                     </div>

     

       373
       373
       +
                   </div>

     

       374
       374
       +
       

     

       375
       375
       +
                   <div class="recordings-list">

     

       376
       376
       +
                     ${this.recordings.map(

     

       377
       377
       +
       								(recording) => html`

     

       378
       378
       +
                       <div class="recording-card ${this.userVote === recording.id ? "voted" : ""} ${this.winningRecordingId === recording.id ? "winning" : ""}">

     

       379
       379
       +
                         <div class="recording-header">

     

       380
       380
       +
                           <div class="recording-info">

     

       381
       381
       +
                             <div class="recording-name">${recording.original_filename}</div>

     

       382
       382
       +
                             <div class="recording-meta">

     

       383
       383
       +
                               Uploaded ${this.formatTimeAgo(recording.created_at)}

     

       384
       384
       +
                             </div>

     

       385
       385
       +
                           </div>

     

       386
       386
       +
       

     

       387
       387
       +
                           <div class="vote-section">

     

       388
       388
       +
                             ${

     

       389
       389
       +
       												this.winningRecordingId === recording.id

     

       390
       390
       +
       													? html`<span class="winning-badge">✨ Selected</span>`

     

       391
       391
       +
       													: ""

     

       392
       392
       +
       											}

     

       393
       393
       +
                             

     

       394
       394
       +
                             <div class="vote-count">

     

       395
       395
       +
                               ${recording.vote_count} ${recording.vote_count === 1 ? "vote" : "votes"}

     

       396
       396
       +
                             </div>

     

       397
       397
       +
       

     

       398
       398
       +
                             <button

     

       399
       399
       +
                               class="vote-button ${this.userVote === recording.id ? "voted" : ""}"

     

       400
       400
       +
                               @click=${() => this.handleVote(recording.id)}

     

       401
       401
       +
                               ?disabled=${this.winningRecordingId !== null}

     

       402
       402
       +
                             >

     

       403
       403
       +
                               ${this.userVote === recording.id ? "✓ Voted" : "Vote"}

     

       404
       404
       +
                             </button>

     

       405
       405
       +
       

     

       406
       406
       +
                             <button

     

       407
       407
       +
                               class="delete-button"

     

       408
       408
       +
                               @click=${() => this.handleDelete(recording.id)}

     

       409
       409
       +
                               title="Delete recording"

     

       410
       410
       +
                             >

     

       411
       411
       +
                               🗑️

     

       412
       412
       +
                             </button>

     

       413
       413
       +
                           </div>

     

       414
       414
       +
                         </div>

     

       415
       415
       +
       

     

       416
       416
       +
                         <div class="audio-player">

     

       417
       417
       +
                           <audio controls preload="none">

     

       418
       418
       +
                             <source src="/api/transcriptions/${recording.id}/audio" type="audio/mpeg">

     

       419
       419
       +
                           </audio>

     

       420
       420
       +
                         </div>

     

       421
       421
       +
                       </div>

     

       422
       422
       +
                     `,

     

       423
       423
       +
       							)}

     

       424
       424
       +
                   </div>

     

       425
       425
       +
                 `

     

       426
       426
       +
       						: html`

     

       427
       427
       +
                   <div class="empty-state">

     

       428
       428
       +
                     <p>No recordings uploaded yet for this meeting time.</p>

     

       429
       429
       +
                     <p>Upload a recording to get started!</p>

     

       430
       430
       +
                   </div>

     

       431
       431
       +
                 `

     

       432
       432
       +
       				}

     

       433
       433
       +
             </div>

     

       434
       434
       +
           `;

     

       435
       435
       +
       	}

     

       436
       436
       +
       }

+18 -7

src/components/reset-password-form.ts

···

       155
       155
        
       

     

       156
       156
        
       	override async updated(changedProperties: Map<string, unknown>) {

     

       157
       157
        
       		super.updated(changedProperties);

     

       158
       158
       -
       		

     

       158
       158
       +
       

     

       159
       159
        
       		// When token property changes and we don't have email yet, load it

     

       160
       160
       -
       		if (changedProperties.has('token') && this.token && !this.email && !this.isLoadingEmail) {

     

       160
       160
       +
       		if (

     

       161
       161
       +
       			changedProperties.has("token") &&

     

       162
       162
       +
       			this.token &&

     

       163
       163
       +
       			!this.email &&

     

       164
       164
       +
       			!this.isLoadingEmail

     

       165
       165
       +
       		) {

     

       161
       166
        
       			await this.loadEmail();

     

       162
       167
        
       		}

     

       163
       168
        
       	}

     
···

       177
       182
        
       

     

       178
       183
        
       			this.email = data.email;

     

       179
       184
        
       		} catch (err) {

     

       180
       180
       -
       			this.error = err instanceof Error ? err.message : "Failed to verify reset token";

     

       185
       185
       +
       			this.error =

     

       186
       186
       +
       				err instanceof Error ? err.message : "Failed to verify reset token";

     

       181
       187
        
       		} finally {

     

       182
       188
        
       			this.isLoadingEmail = false;

     

       183
       189
        
       		}

     
···

       230
       236
        
       				<h1 class="reset-title">Reset Password</h1>

     

       231
       237
        
       				

     

       232
       238
        
       				<form @submit=${this.handleSubmit}>

     

       233
       233
       -
       					${this.error

     

       234
       234
       -
       						? html`<div class="error-banner">${this.error}</div>`

     

       235
       235
       -
       						: ""}

     

       239
       239
       +
       					${

     

       240
       240
       +
       						this.error

     

       241
       241
       +
       							? html`<div class="error-banner">${this.error}</div>`

     

       242
       242
       +
       							: ""

     

       243
       243
       +
       					}

     

       236
       244
        
       					

     

       237
       245
        
       					<div class="form-group">

     

       238
       246
        
       						<label for="password">New Password</label>

     
···

       298
       306
        
       			}

     

       299
       307
        
       

     

       300
       308
        
       			// Hash password client-side with user's email

     

       301
       301
       -
       			const hashedPassword = await hashPasswordClient(this.password, this.email);

     

       309
       309
       +
       			const hashedPassword = await hashPasswordClient(

     

       310
       310
       +
       				this.password,

     

       311
       311
       +
       				this.email,

     

       312
       312
       +
       			);

     

       302
       313
        
       

     

       303
       314
        
       			const response = await fetch("/api/auth/reset-password", {

     

       304
       315
        
       				method: "POST",

+10 -5

src/components/transcription.ts

···

       565
       565
        
       

     

       566
       566
        
       	async checkHealth() {

     

       567
       567
        
       		try {

     

       568
       568
       -
       			const response = await fetch("/api/transcriptions/health");

     

       568
       568
       +
       			const response = await fetch("/api/health");

     

       569
       569
        
       			if (response.ok) {

     

       570
       570
        
       				const data = await response.json();

     

       571
       571
       -
       				this.serviceAvailable = data.available;

     

       571
       571
       +
       				this.serviceAvailable = data.status === "healthy";

     

       572
       572
        
       			} else {

     

       573
       573
        
       				this.serviceAvailable = false;

     

       574
       574
        
       			}

     
···

       792
       792
        
       	}

     

       793
       793
        
       

     

       794
       794
        
       	override render() {

     

       795
       795
       -
       		const canUpload = this.serviceAvailable && (this.hasSubscription || this.isAdmin);

     

       795
       795
       +
       		const canUpload =

     

       796
       796
       +
       			this.serviceAvailable && (this.hasSubscription || this.isAdmin);

     

       796
       797
        
       

     

       797
       798
        
       		return html`

     

       798
       798
       -
             ${!this.hasSubscription && !this.isAdmin ? html`

     

       799
       799
       +
             ${

     

       800
       800
       +
       				!this.hasSubscription && !this.isAdmin

     

       801
       801
       +
       					? html`

     

       799
       802
        
               <div style="background: color-mix(in srgb, var(--accent) 10%, transparent); border: 1px solid var(--accent); border-radius: 8px; padding: 1.5rem; margin-bottom: 2rem; text-align: center;">

     

       800
       803
        
                 <h3 style="margin: 0 0 0.5rem 0; color: var(--text);">Subscribe to Upload Transcriptions</h3>

     

       801
       804
        
                 <p style="margin: 0 0 1rem 0; color: var(--text); opacity: 0.8;">You need an active subscription to upload and transcribe audio files.</p>

     

       802
       805
        
                 <a href="/settings?tab=billing" style="display: inline-block; padding: 0.75rem 1.5rem; background: var(--accent); color: white; text-decoration: none; border-radius: 8px; font-weight: 600; transition: opacity 0.2s;">Subscribe Now</a>

     

       803
       806
        
               </div>

     

       804
       804
       -
             ` : ''}

     

       807
       807
       +
             `

     

       808
       808
       +
       					: ""

     

       809
       809
       +
       			}

     

       805
       810
        
       

     

       806
       811
        
             <div class="upload-area ${this.dragOver ? "drag-over" : ""} ${!canUpload ? "disabled" : ""}"

     

       807
       812
        
                  @dragover=${canUpload ? this.handleDragOver : null}

+153 -46

src/components/user-settings.ts

···

       36
       36
        
       	canceled_at: number | null;

     

       37
       37
        
       }

     

       38
       38
        
       

     

       39
       39
       -
       type SettingsPage = "account" | "sessions" | "passkeys" | "billing" | "notifications" | "danger";

     

       39
       39
       +
       type SettingsPage =

     

       40
       40
       +
       	| "account"

     

       41
       41
       +
       	| "sessions"

     

       42
       42
       +
       	| "passkeys"

     

       43
       43
       +
       	| "billing"

     

       44
       44
       +
       	| "notifications"

     

       45
       45
       +
       	| "danger";

     

       40
       46
        
       

     

       41
       47
        
       @customElement("user-settings")

     

       42
       48
        
       export class UserSettings extends LitElement {

     
···

       61
       67
        
       	@state() addingPasskey = false;

     

       62
       68
        
       	@state() emailNotificationsEnabled = true;

     

       63
       69
        
       	@state() deletingAccount = false;

     

       70
       70
       +
       	@state() emailChangeMessage = "";

     

       71
       71
       +
       	@state() pendingEmailChange = "";

     

       72
       72
       +
       	@state() updatingEmail = false;

     

       64
       73
        
       

     

       65
       74
        
       	static override styles = css`

     

       66
       75
        
       		:host {

     
···

       288
       297
        
       			line-height: 1.5;

     

       289
       298
        
       		}

     

       290
       299
        
       

     

       300
       300
       +
       		.success-message {

     

       301
       301
       +
       			padding: 1rem;

     

       302
       302
       +
       			background: rgba(76, 175, 80, 0.1);

     

       303
       303
       +
       			border: 1px solid rgba(76, 175, 80, 0.3);

     

       304
       304
       +
       			border-radius: 0.5rem;

     

       305
       305
       +
       			color: var(--text);

     

       306
       306
       +
       		}

     

       307
       307
       +
       

     

       308
       308
       +
       		.spinner {

     

       309
       309
       +
       			display: inline-block;

     

       310
       310
       +
       			width: 1rem;

     

       311
       311
       +
       			height: 1rem;

     

       312
       312
       +
       			border: 2px solid rgba(255, 255, 255, 0.3);

     

       313
       313
       +
       			border-top-color: white;

     

       314
       314
       +
       			border-radius: 50%;

     

       315
       315
       +
       			animation: spin 0.6s linear infinite;

     

       316
       316
       +
       		}

     

       317
       317
       +
       

     

       318
       318
       +
       		@keyframes spin {

     

       319
       319
       +
       			to {

     

       320
       320
       +
       				transform: rotate(360deg);

     

       321
       321
       +
       			}

     

       322
       322
       +
       		}

     

       323
       323
       +
       

     

       291
       324
        
       		.session-list {

     

       292
       325
        
       			display: flex;

     

       293
       326
        
       			flex-direction: column;

     
···

       517
       550
        
       	override async connectedCallback() {

     

       518
       551
        
       		super.connectedCallback();

     

       519
       552
        
       		this.passkeySupported = isPasskeySupported();

     

       520
       520
       -
       		

     

       553
       553
       +
       

     

       521
       554
        
       		// Check for tab query parameter

     

       522
       555
        
       		const params = new URLSearchParams(window.location.search);

     

       523
       556
        
       		const tab = params.get("tab");

     

       524
       557
        
       		if (tab && this.isValidTab(tab)) {

     

       525
       558
        
       			this.currentPage = tab as SettingsPage;

     

       526
       559
        
       		}

     

       527
       527
       -
       		

     

       560
       560
       +
       

     

       528
       561
        
       		await this.loadUser();

     

       529
       562
        
       		await this.loadSessions();

     

       530
       563
        
       		await this.loadSubscription();

     
···

       534
       567
        
       	}

     

       535
       568
        
       

     

       536
       569
        
       	private isValidTab(tab: string): boolean {

     

       537
       537
       -
       		return ["account", "sessions", "passkeys", "billing", "notifications", "danger"].includes(tab);

     

       570
       570
       +
       		return [

     

       571
       571
       +
       			"account",

     

       572
       572
       +
       			"sessions",

     

       573
       573
       +
       			"passkeys",

     

       574
       574
       +
       			"billing",

     

       575
       575
       +
       			"notifications",

     

       576
       576
       +
       			"danger",

     

       577
       577
       +
       		].includes(tab);

     

       538
       578
        
       	}

     

       539
       579
        
       

     

       540
       580
        
       	private setTab(tab: SettingsPage) {

     
···

       647
       687
        
       			// Reload passkeys

     

       648
       688
        
       			await this.loadPasskeys();

     

       649
       689
        
       		} catch (err) {

     

       650
       650
       -
       			this.error = err instanceof Error ? err.message : "Failed to delete passkey";

     

       690
       690
       +
       			this.error =

     

       691
       691
       +
       				err instanceof Error ? err.message : "Failed to delete passkey";

     

       651
       692
        
       		}

     

       652
       693
        
       	}

     

       653
       694
        
       

     
···

       655
       696
        
       		this.error = "";

     

       656
       697
        
       		try {

     

       657
       698
        
       			const response = await fetch("/api/auth/logout", { method: "POST" });

     

       658
       658
       -
       			

     

       699
       699
       +
       

     

       659
       700
        
       			if (!response.ok) {

     

       660
       701
        
       				const data = await response.json();

     

       661
       702
        
       				this.error = data.error || "Failed to logout";

     

       662
       703
        
       				return;

     

       663
       704
        
       			}

     

       664
       664
       -
       			

     

       705
       705
       +
       

     

       665
       706
        
       			window.location.href = "/";

     

       666
       707
        
       		} catch (err) {

     

       667
       708
        
       			this.error = err instanceof Error ? err.message : "Failed to logout";

     
···

       672
       713
        
       		this.deletingAccount = true;

     

       673
       714
        
       		this.error = "";

     

       674
       715
        
       		document.body.style.cursor = "wait";

     

       675
       675
       -
       		

     

       716
       716
       +
       

     

       676
       717
        
       		try {

     

       677
       718
        
       			const response = await fetch("/api/user", {

     

       678
       719
        
       				method: "DELETE",

     
···

       696
       737
        
       

     

       697
       738
        
       	async handleUpdateEmail() {

     

       698
       739
        
       		this.error = "";

     

       740
       740
       +
       		this.emailChangeMessage = "";

     

       699
       741
        
       		if (!this.newEmail) {

     

       700
       742
        
       			this.error = "Email required";

     

       701
       743
        
       			return;

     

       702
       744
        
       		}

     

       703
       745
        
       

     

       746
       746
       +
       		this.updatingEmail = true;

     

       704
       747
        
       		try {

     

       705
       748
        
       			const response = await fetch("/api/user/email", {

     

       706
       749
        
       				method: "PUT",

     
···

       708
       751
        
       				body: JSON.stringify({ email: this.newEmail }),

     

       709
       752
        
       			});

     

       710
       753
        
       

     

       754
       754
       +
       			const data = await response.json();

     

       755
       755
       +
       

     

       711
       756
        
       			if (!response.ok) {

     

       712
       712
       -
       				const data = await response.json();

     

       713
       757
        
       				this.error = data.error || "Failed to update email";

     

       714
       758
        
       				return;

     

       715
       759
        
       			}

     

       716
       760
        
       

     

       717
       717
       -
       			// Reload user data

     

       718
       718
       -
       			await this.loadUser();

     

       761
       761
       +
       			// Show success message with pending email

     

       762
       762
       +
       			this.emailChangeMessage = data.message || "Verification email sent";

     

       763
       763
       +
       			this.pendingEmailChange = data.pendingEmail || this.newEmail;

     

       719
       764
        
       			this.editingEmail = false;

     

       720
       765
        
       			this.newEmail = "";

     

       721
       766
        
       		} catch {

     

       722
       767
        
       			this.error = "Failed to update email";

     

       768
       768
       +
       		} finally {

     

       769
       769
       +
       			this.updatingEmail = false;

     

       723
       770
        
       		}

     

       724
       771
        
       	}

     

       725
       772
        
       

     
···

       990
       1037
        
       

     

       991
       1038
        
       		return html`

     

       992
       1039
        
       			<div class="content-inner">

     

       993
       993
       -
       			${this.error ? html`

     

       1040
       1040
       +
       			${

     

       1041
       1041
       +
       				this.error

     

       1042
       1042
       +
       					? html`

     

       994
       1043
        
       				<div class="error-banner">

     

       995
       1044
        
       					${this.error}

     

       996
       1045
        
       				</div>

     

       997
       997
       -
       			` : ""}

     

       1046
       1046
       +
       			`

     

       1047
       1047
       +
       					: ""

     

       1048
       1048
       +
       			}

     

       998
       1049
        
       			<div class="section">

     

       999
       1050
        
       				<h2 class="section-title">Profile Information</h2>

     

       1000
       1051
        
       

     
···

       1032
       1083
        
       				<div class="field-group">

     

       1033
       1084
        
       					<label class="field-label">Email</label>

     

       1034
       1085
        
       					${

     

       1035
       1035
       -
       						this.editingEmail

     

       1086
       1086
       +
       						this.emailChangeMessage

     

       1036
       1087
        
       							? html`

     

       1088
       1088
       +
       							<div class="success-message" style="margin-bottom: 1rem;">

     

       1089
       1089
       +
       								${this.emailChangeMessage}

     

       1090
       1090
       +
       								${this.pendingEmailChange ? html`<br><strong>New email:</strong> ${this.pendingEmailChange}` : ""}

     

       1091
       1091
       +
       							</div>

     

       1092
       1092
       +
       							<div class="field-row">

     

       1093
       1093
       +
       								<div class="field-value">${this.user.email}</div>

     

       1094
       1094
       +
       							</div>

     

       1095
       1095
       +
       						  `

     

       1096
       1096
       +
       							: this.editingEmail

     

       1097
       1097
       +
       								? html`

     

       1037
       1098
        
       							<div style="display: flex; gap: 0.5rem; align-items: center;">

     

       1038
       1099
        
       								<input

     

       1039
       1100
        
       									type="email"

     
···

       1047
       1108
        
       								<button

     

       1048
       1109
        
       									class="btn btn-affirmative btn-small"

     

       1049
       1110
        
       									@click=${this.handleUpdateEmail}

     

       1111
       1111
       +
       									?disabled=${this.updatingEmail}

     

       1050
       1112
        
       								>

     

       1051
       1051
       -
       									Save

     

       1113
       1113
       +
       									${this.updatingEmail ? html`<span class="spinner"></span>` : "Save"}

     

       1052
       1114
        
       								</button>

     

       1053
       1115
        
       								<button

     

       1054
       1116
        
       									class="btn btn-neutral btn-small"

     
···

       1061
       1123
        
       								</button>

     

       1062
       1124
        
       							</div>

     

       1063
       1125
        
       						  `

     

       1064
       1064
       -
       							: html`

     

       1126
       1126
       +
       								: html`

     

       1065
       1127
        
       							<div class="field-row">

     

       1066
       1128
        
       								<div class="field-value">${this.user.email}</div>

     

       1067
       1129
        
       								<button

     
···

       1069
       1131
        
       									@click=${() => {

     

       1070
       1132
        
       										this.editingEmail = true;

     

       1071
       1133
        
       										this.newEmail = this.user?.email ?? "";

     

       1134
       1134
       +
       										this.emailChangeMessage = "";

     

       1072
       1135
        
       									}}

     

       1073
       1136
        
       								>

     

       1074
       1137
        
       									Change

     
···

       1203
       1266
        
       	renderSessionsPage() {

     

       1204
       1267
        
       		return html`

     

       1205
       1268
        
       			<div class="content-inner">

     

       1206
       1206
       -
       			${this.error ? html`

     

       1269
       1269
       +
       			${

     

       1270
       1270
       +
       				this.error

     

       1271
       1271
       +
       					? html`

     

       1207
       1272
        
       				<div class="error-banner">

     

       1208
       1273
        
       					${this.error}

     

       1209
       1274
        
       				</div>

     

       1210
       1210
       -
       			` : ""}

     

       1275
       1275
       +
       			`

     

       1276
       1276
       +
       					: ""

     

       1277
       1277
       +
       			}

     

       1211
       1278
        
       			<div class="section">

     

       1212
       1279
        
       				<h2 class="section-title">Active Sessions</h2>

     

       1213
       1280
        
       				${

     
···

       1285
       1352
        
       			`;

     

       1286
       1353
        
       		}

     

       1287
       1354
        
       

     

       1288
       1288
       -
       		const hasActiveSubscription = this.subscription && (

     

       1289
       1289
       -
       			this.subscription.status === "active" || 

     

       1290
       1290
       -
       			this.subscription.status === "trialing"

     

       1291
       1291
       -
       		);

     

       1355
       1355
       +
       		const hasActiveSubscription =

     

       1356
       1356
       +
       			this.subscription &&

     

       1357
       1357
       +
       			(this.subscription.status === "active" ||

     

       1358
       1358
       +
       				this.subscription.status === "trialing");

     

       1292
       1359
        
       

     

       1293
       1360
        
       		if (this.subscription && !hasActiveSubscription) {

     

       1294
       1361
        
       			// Has a subscription but it's not active (canceled, expired, etc.)

     

       1295
       1295
       -
       			const statusColor = 

     

       1296
       1296
       -
       				this.subscription.status === "canceled" ? "var(--accent)" :

     

       1297
       1297
       -
       				"var(--secondary)";

     

       1362
       1362
       +
       			const statusColor =

     

       1363
       1363
       +
       				this.subscription.status === "canceled"

     

       1364
       1364
       +
       					? "var(--accent)"

     

       1365
       1365
       +
       					: "var(--secondary)";

     

       1298
       1366
        
       

     

       1299
       1367
        
       			return html`

     

       1300
       1368
        
       				<div class="content-inner">

     

       1301
       1301
       -
       					${this.error ? html`

     

       1369
       1369
       +
       					${

     

       1370
       1370
       +
       						this.error

     

       1371
       1371
       +
       							? html`

     

       1302
       1372
        
       						<div class="error-banner">

     

       1303
       1373
        
       							${this.error}

     

       1304
       1374
        
       						</div>

     

       1305
       1305
       -
       					` : ""}

     

       1375
       1375
       +
       					`

     

       1376
       1376
       +
       							: ""

     

       1377
       1377
       +
       					}

     

       1306
       1378
        
       					<div class="section">

     

       1307
       1379
        
       						<h2 class="section-title">Subscription</h2>

     

       1308
       1380
        
       						

     
···

       1324
       1396
        
       							</div>

     

       1325
       1397
        
       						</div>

     

       1326
       1398
        
       

     

       1327
       1327
       -
       						${this.subscription.canceled_at ? html`

     

       1399
       1399
       +
       						${

     

       1400
       1400
       +
       							this.subscription.canceled_at

     

       1401
       1401
       +
       								? html`

     

       1328
       1402
        
       							<div class="field-group">

     

       1329
       1403
        
       								<label class="field-label">Canceled At</label>

     

       1330
       1404
        
       								<div class="field-value" style="color: var(--accent);">

     

       1331
       1405
        
       									${this.formatDate(this.subscription.canceled_at)}

     

       1332
       1406
        
       								</div>

     

       1333
       1407
        
       							</div>

     

       1334
       1334
       -
       						` : ""}

     

       1408
       1408
       +
       						`

     

       1409
       1409
       +
       								: ""

     

       1410
       1410
       +
       						}

     

       1335
       1411
        
       

     

       1336
       1412
        
       						<div class="field-group" style="margin-top: 2rem;">

     

       1337
       1413
        
       							<button

     
···

       1353
       1429
        
       		if (hasActiveSubscription) {

     

       1354
       1430
        
       			return html`

     

       1355
       1431
        
       				<div class="content-inner">

     

       1356
       1356
       -
       					${this.error ? html`

     

       1432
       1432
       +
       					${

     

       1433
       1433
       +
       						this.error

     

       1434
       1434
       +
       							? html`

     

       1357
       1435
        
       						<div class="error-banner">

     

       1358
       1436
        
       							${this.error}

     

       1359
       1437
        
       						</div>

     

       1360
       1360
       -
       					` : ""}

     

       1438
       1438
       +
       					`

     

       1439
       1439
       +
       							: ""

     

       1440
       1440
       +
       					}

     

       1361
       1441
        
       					<div class="section">

     

       1362
       1442
        
       						<h2 class="section-title">Subscription</h2>

     

       1363
       1443
        
       						

     
···

       1376
       1456
        
       								">

     

       1377
       1457
        
       									${this.subscription.status}

     

       1378
       1458
        
       								</span>

     

       1379
       1379
       -
       								${this.subscription.cancel_at_period_end ? html`

     

       1459
       1459
       +
       								${

     

       1460
       1460
       +
       									this.subscription.cancel_at_period_end

     

       1461
       1461
       +
       										? html`

     

       1380
       1462
        
       									<span style="color: var(--accent); font-size: 0.875rem;">

     

       1381
       1463
        
       										(Cancels at end of period)

     

       1382
       1464
        
       									</span>

     

       1383
       1383
       -
       								` : ""}

     

       1465
       1465
       +
       								`

     

       1466
       1466
       +
       										: ""

     

       1467
       1467
       +
       								}

     

       1384
       1468
        
       							</div>

     

       1385
       1469
        
       						</div>

     

       1386
       1470
        
       

     

       1387
       1387
       -
       						${this.subscription.current_period_start && this.subscription.current_period_end ? html`

     

       1471
       1471
       +
       						${

     

       1472
       1472
       +
       							this.subscription.current_period_start &&

     

       1473
       1473
       +
       							this.subscription.current_period_end

     

       1474
       1474
       +
       								? html`

     

       1388
       1475
        
       							<div class="field-group">

     

       1389
       1476
        
       								<label class="field-label">Current Period</label>

     

       1390
       1477
        
       								<div class="field-value">

     
···

       1392
       1479
        
       									${this.formatDate(this.subscription.current_period_end)}

     

       1393
       1480
        
       								</div>

     

       1394
       1481
        
       							</div>

     

       1395
       1395
       -
       						` : ""}

     

       1482
       1482
       +
       						`

     

       1483
       1483
       +
       								: ""

     

       1484
       1484
       +
       						}

     

       1396
       1485
        
       

     

       1397
       1486
        
       						<div class="field-group" style="margin-top: 2rem;">

     

       1398
       1487
        
       							<button

     
···

       1413
       1502
        
       

     

       1414
       1503
        
       		return html`

     

       1415
       1504
        
       			<div class="content-inner">

     

       1416
       1416
       -
       				${this.error ? html`

     

       1505
       1505
       +
       				${

     

       1506
       1506
       +
       					this.error

     

       1507
       1507
       +
       						? html`

     

       1417
       1508
        
       					<div class="error-banner">

     

       1418
       1509
        
       						${this.error}

     

       1419
       1510
        
       					</div>

     

       1420
       1420
       -
       				` : ""}

     

       1511
       1511
       +
       				`

     

       1512
       1512
       +
       						: ""

     

       1513
       1513
       +
       				}

     

       1421
       1514
        
       				<div class="section">

     

       1422
       1515
        
       					<h2 class="section-title">Billing & Subscription</h2>

     

       1423
       1516
        
       					<p class="field-description" style="margin-bottom: 1.5rem;">

     
···

       1438
       1531
        
       	renderDangerPage() {

     

       1439
       1532
        
       		return html`

     

       1440
       1533
        
       			<div class="content-inner">

     

       1441
       1441
       -
       			${this.error ? html`

     

       1534
       1534
       +
       			${

     

       1535
       1535
       +
       				this.error

     

       1536
       1536
       +
       					? html`

     

       1442
       1537
        
       				<div class="error-banner">

     

       1443
       1538
        
       					${this.error}

     

       1444
       1539
        
       				</div>

     

       1445
       1445
       -
       			` : ""}

     

       1540
       1540
       +
       			`

     

       1541
       1541
       +
       					: ""

     

       1542
       1542
       +
       			}

     

       1446
       1543
        
       			<div class="section danger-section">

     

       1447
       1544
        
       				<h2 class="section-title">Delete Account</h2>

     

       1448
       1545
        
       				<p class="danger-text">

     
···

       1465
       1562
        
       	renderNotificationsPage() {

     

       1466
       1563
        
       		return html`

     

       1467
       1564
        
       			<div class="content-inner">

     

       1468
       1468
       -
       				${this.error ? html`

     

       1565
       1565
       +
       				${

     

       1566
       1566
       +
       					this.error

     

       1567
       1567
       +
       						? html`

     

       1469
       1568
        
       					<div class="error-banner">

     

       1470
       1569
        
       						${this.error}

     

       1471
       1570
        
       					</div>

     

       1472
       1472
       -
       				` : ""}

     

       1571
       1571
       +
       				`

     

       1572
       1572
       +
       						: ""

     

       1573
       1573
       +
       				}

     

       1473
       1574
        
       				<div class="section">

     

       1474
       1575
        
       					<h2 class="section-title">Email Notifications</h2>

     

       1475
       1576
        
       					<p style="color: var(--text); margin-bottom: 1rem;">

     
···

       1491
       1592
        
       									const target = e.target as HTMLInputElement;

     

       1492
       1593
        
       									this.emailNotificationsEnabled = target.checked;

     

       1493
       1594
        
       									this.error = "";

     

       1494
       1494
       -
       									

     

       1595
       1595
       +
       

     

       1495
       1596
        
       									try {

     

       1496
       1597
        
       										const response = await fetch("/api/user/notifications", {

     

       1497
       1598
        
       											method: "PUT",

     

       1498
       1599
        
       											headers: { "Content-Type": "application/json" },

     

       1499
       1600
        
       											body: JSON.stringify({

     

       1500
       1500
       -
       												email_notifications_enabled: this.emailNotificationsEnabled,

     

       1601
       1601
       +
       												email_notifications_enabled:

     

       1602
       1602
       +
       													this.emailNotificationsEnabled,

     

       1501
       1603
        
       											}),

     

       1502
       1604
        
       										});

     

       1503
       1503
       -
       										

     

       1605
       1605
       +
       

     

       1504
       1606
        
       										if (!response.ok) {

     

       1505
       1607
        
       											const data = await response.json();

     

       1506
       1506
       -
       											throw new Error(data.error || "Failed to update notification settings");

     

       1608
       1608
       +
       											throw new Error(

     

       1609
       1609
       +
       												data.error || "Failed to update notification settings",

     

       1610
       1610
       +
       											);

     

       1507
       1611
        
       										}

     

       1508
       1612
        
       									} catch (err) {

     

       1509
       1613
        
       										// Revert on error

     

       1510
       1614
        
       										this.emailNotificationsEnabled = !target.checked;

     

       1511
       1615
        
       										target.checked = !target.checked;

     

       1512
       1512
       -
       										this.error = err instanceof Error ? err.message : "Failed to update notification settings";

     

       1616
       1616
       +
       										this.error =

     

       1617
       1617
       +
       											err instanceof Error

     

       1618
       1618
       +
       												? err.message

     

       1619
       1619
       +
       												: "Failed to update notification settings";

     

       1513
       1620
        
       									}

     

       1514
       1621
        
       								}}

     

       1515
       1622
        
       							/>

+98 -59

src/db/schema.ts

···

       1
       1
        
       import { Database } from "bun:sqlite";

     

       2
       2
        
       

     

       3
       3
       -
       export const db = new Database("thistle.db");

     

       3
       3
       +
       // Use test database when NODE_ENV is test

     

       4
       4
       +
       const dbPath =

     

       5
       5
       +
       	process.env.NODE_ENV === "test" ? "thistle.test.db" : "thistle.db";

     

       6
       6
       +
       export const db = new Database(dbPath);

     

       7
       7
       +
       

     

       8
       8
       +
       console.log(`[Database] Using database: ${dbPath}`);

     

       4
       9
        
       

     

       5
       10
        
       // Schema version tracking

     

       6
       11
        
       db.run(`

     
···

       13
       18
        
       const migrations = [

     

       14
       19
        
       	{

     

       15
       20
        
       		version: 1,

     

       16
       16
       -
       		name: "Complete schema with class system",

     

       21
       21
       +
       		name: "Initial schema with all tables and constraints",

     

       17
       22
        
       		sql: `

     

       18
       23
        
             -- Users table

     

       19
       24
        
             CREATE TABLE IF NOT EXISTS users (

     
···

       24
       29
        
               avatar TEXT DEFAULT 'd',

     

       25
       30
        
               role TEXT NOT NULL DEFAULT 'user',

     

       26
       31
        
               last_login INTEGER,

     

       32
       32
       +
               email_verified BOOLEAN DEFAULT 0,

     

       33
       33
       +
               email_notifications_enabled BOOLEAN DEFAULT 1,

     

       27
       34
        
               created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))

     

       28
       35
        
             );

     

       29
       36
        
       

     

       30
       37
        
             CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);

     

       31
       38
        
             CREATE INDEX IF NOT EXISTS idx_users_last_login ON users(last_login);

     

       39
       39
       +
             CREATE INDEX IF NOT EXISTS idx_users_email_verified ON users(email_verified);

     

       32
       40
        
       

     

       33
       41
        
             -- Sessions table

     

       34
       42
        
             CREATE TABLE IF NOT EXISTS sessions (

     
···

       84
       92
        
       

     

       85
       93
        
             CREATE INDEX IF NOT EXISTS idx_classes_semester_year ON classes(semester, year);

     

       86
       94
        
             CREATE INDEX IF NOT EXISTS idx_classes_archived ON classes(archived);

     

       95
       95
       +
             CREATE INDEX IF NOT EXISTS idx_classes_course_code ON classes(course_code);

     

       87
       96
        
       

     

       88
       97
        
             -- Class members table

     

       89
       98
        
             CREATE TABLE IF NOT EXISTS class_members (

     
···

       132
       141
        
             CREATE INDEX IF NOT EXISTS idx_transcriptions_class_id ON transcriptions(class_id);

     

       133
       142
        
             CREATE INDEX IF NOT EXISTS idx_transcriptions_status ON transcriptions(status);

     

       134
       143
        
             CREATE INDEX IF NOT EXISTS idx_transcriptions_whisper_job_id ON transcriptions(whisper_job_id);

     

       135
       135
       -
           `,

     

       136
       136
       -
       	},

     

       137
       137
       -
       	{

     

       138
       138
       -
       		version: 2,

     

       139
       139
       -
       		name: "Add section column to classes table",

     

       140
       140
       -
       		sql: `

     

       141
       141
       -
             ALTER TABLE classes ADD COLUMN section TEXT;

     

       142
       142
       -
             CREATE INDEX IF NOT EXISTS idx_classes_course_code ON classes(course_code);

     

       143
       143
       -
           `,

     

       144
       144
       -
       	},

     

       145
       145
       -
       	{

     

       146
       146
       -
       		version: 3,

     

       147
       147
       -
       		name: "Add class waitlist table",

     

       148
       148
       -
       		sql: `

     

       144
       144
       +
             CREATE INDEX IF NOT EXISTS idx_transcriptions_meeting_time_id ON transcriptions(meeting_time_id);

     

       145
       145
       +
       

     

       146
       146
       +
             -- Class waitlist table

     

       149
       147
        
             CREATE TABLE IF NOT EXISTS class_waitlist (

     

       150
       148
        
               id TEXT PRIMARY KEY,

     

       151
       149
        
               user_id INTEGER NOT NULL,

     

       152
       150
        
               course_code TEXT NOT NULL,

     

       153
       151
        
               course_name TEXT NOT NULL,

     

       154
       152
        
               professor TEXT NOT NULL,

     

       155
       155
       -
               section TEXT,

     

       156
       153
        
               semester TEXT NOT NULL,

     

       157
       154
        
               year INTEGER NOT NULL,

     

       155
       155
       +
               meeting_times TEXT,

     

       158
       156
        
               additional_info TEXT,

     

       159
       157
        
               created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       160
       158
        
               FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE

     
···

       162
       160
        
       

     

       163
       161
        
             CREATE INDEX IF NOT EXISTS idx_waitlist_user_id ON class_waitlist(user_id);

     

       164
       162
        
             CREATE INDEX IF NOT EXISTS idx_waitlist_course_code ON class_waitlist(course_code);

     

       165
       165
       -
           `,

     

       166
       166
       -
       	},

     

       167
       167
       -
       	{

     

       168
       168
       -
       		version: 4,

     

       169
       169
       -
       		name: "Add meeting_times to class_waitlist",

     

       170
       170
       -
       		sql: `

     

       171
       171
       -
             ALTER TABLE class_waitlist ADD COLUMN meeting_times TEXT;

     

       172
       172
       -
           `,

     

       173
       173
       -
       	},

     

       174
       174
       -
       	{

     

       175
       175
       -
       		version: 5,

     

       176
       176
       -
       		name: "Remove section columns",

     

       177
       177
       -
       		sql: `

     

       178
       178
       -
             DROP INDEX IF EXISTS idx_classes_section;

     

       179
       179
       -
             ALTER TABLE classes DROP COLUMN section;

     

       180
       180
       -
             ALTER TABLE class_waitlist DROP COLUMN section;

     

       181
       181
       -
           `,

     

       182
       182
       -
       	},

     

       183
       183
       -
       	{

     

       184
       184
       -
       		version: 6,

     

       185
       185
       -
       		name: "Add subscriptions table for Polar integration",

     

       186
       186
       -
       		sql: `

     

       163
       163
       +
       

     

       187
       164
        
             -- Subscriptions table

     

       188
       165
        
             CREATE TABLE IF NOT EXISTS subscriptions (

     

       189
       166
        
               id TEXT PRIMARY KEY,

     
···

       202
       179
        
             CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id);

     

       203
       180
        
             CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);

     

       204
       181
        
             CREATE INDEX IF NOT EXISTS idx_subscriptions_customer_id ON subscriptions(customer_id);

     

       205
       205
       -
           `,

     

       206
       206
       -
       	},

     

       207
       207
       -
       	{

     

       208
       208
       -
       		version: 7,

     

       209
       209
       -
       		name: "Create ghost user for deleted accounts",

     

       210
       210
       -
       		sql: `

     

       211
       211
       -
             -- Create a ghost user account for orphaned transcriptions

     

       212
       212
       -
             INSERT OR IGNORE INTO users (id, email, password_hash, name, avatar, role, created_at)

     

       213
       213
       -
             VALUES (0, 'ghosty@thistle.internal', NULL, 'Ghosty', '👻', 'user', strftime('%s', 'now'));

     

       214
       214
       -
           `,

     

       215
       215
       -
       	},

     

       216
       216
       -
       	{

     

       217
       217
       -
       		version: 8,

     

       218
       218
       -
       		name: "Add email verification system",

     

       219
       219
       -
       		sql: `

     

       220
       220
       -
             -- Add email verification flag to users

     

       221
       221
       -
             ALTER TABLE users ADD COLUMN email_verified BOOLEAN DEFAULT 0;

     

       222
       182
        
       

     

       223
       183
        
             -- Email verification tokens table

     

       224
       184
        
             CREATE TABLE IF NOT EXISTS email_verification_tokens (

     
···

       245
       205
        
       

     

       246
       206
        
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_user_id ON password_reset_tokens(user_id);

     

       247
       207
        
             CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_token ON password_reset_tokens(token);

     

       208
       208
       +
       

     

       209
       209
       +
             -- Email change tokens table

     

       210
       210
       +
             CREATE TABLE IF NOT EXISTS email_change_tokens (

     

       211
       211
       +
               id TEXT PRIMARY KEY,

     

       212
       212
       +
               user_id INTEGER NOT NULL,

     

       213
       213
       +
               new_email TEXT NOT NULL,

     

       214
       214
       +
               token TEXT NOT NULL UNIQUE,

     

       215
       215
       +
               expires_at INTEGER NOT NULL,

     

       216
       216
       +
               created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       217
       217
       +
               FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE

     

       218
       218
       +
             );

     

       219
       219
       +
       

     

       220
       220
       +
             CREATE INDEX IF NOT EXISTS idx_email_change_tokens_user_id ON email_change_tokens(user_id);

     

       221
       221
       +
             CREATE INDEX IF NOT EXISTS idx_email_change_tokens_token ON email_change_tokens(token);

     

       222
       222
       +
       

     

       223
       223
       +
             -- Create ghost user for deleted accounts

     

       224
       224
       +
             INSERT OR IGNORE INTO users (id, email, password_hash, name, avatar, role, created_at)

     

       225
       225
       +
             VALUES (0, 'ghosty@thistle.internal', NULL, 'Ghosty', '👻', 'user', strftime('%s', 'now'));

     

       248
       226
        
           `,

     

       249
       227
        
       	},

     

       250
       228
        
       	{

     

       229
       229
       +
       		version: 2,

     

       230
       230
       +
       		name: "Add sections support to classes and class members",

     

       231
       231
       +
       		sql: `

     

       232
       232
       +
       			-- Add section_number to classes (nullable for existing classes)

     

       233
       233
       +
       			ALTER TABLE classes ADD COLUMN section_number TEXT;

     

       234
       234
       +
       

     

       235
       235
       +
       			-- Add section_id to class_members (nullable - NULL means default section)

     

       236
       236
       +
       			ALTER TABLE class_members ADD COLUMN section_id TEXT;

     

       237
       237
       +
       

     

       238
       238
       +
       			-- Create sections table to track all available sections for a class

     

       239
       239
       +
       			CREATE TABLE IF NOT EXISTS class_sections (

     

       240
       240
       +
       				id TEXT PRIMARY KEY,

     

       241
       241
       +
       				class_id TEXT NOT NULL,

     

       242
       242
       +
       				section_number TEXT NOT NULL,

     

       243
       243
       +
       				created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       244
       244
       +
       				FOREIGN KEY (class_id) REFERENCES classes(id) ON DELETE CASCADE,

     

       245
       245
       +
       				UNIQUE(class_id, section_number)

     

       246
       246
       +
       			);

     

       247
       247
       +
       

     

       248
       248
       +
       			CREATE INDEX IF NOT EXISTS idx_class_sections_class_id ON class_sections(class_id);

     

       249
       249
       +
       

     

       250
       250
       +
       			-- Add section_id to transcriptions to track which section uploaded it

     

       251
       251
       +
       			ALTER TABLE transcriptions ADD COLUMN section_id TEXT;

     

       252
       252
       +
       

     

       253
       253
       +
       			CREATE INDEX IF NOT EXISTS idx_transcriptions_section_id ON transcriptions(section_id);

     

       254
       254
       +
       		`,

     

       255
       255
       +
       	},

     

       256
       256
       +
       	{

     

       257
       257
       +
       		version: 3,

     

       258
       258
       +
       		name: "Add voting system for collaborative recording selection",

     

       259
       259
       +
       		sql: `

     

       260
       260
       +
       			-- Add vote count to transcriptions

     

       261
       261
       +
       			ALTER TABLE transcriptions ADD COLUMN vote_count INTEGER NOT NULL DEFAULT 0;

     

       262
       262
       +
       

     

       263
       263
       +
       			-- Add auto-submitted flag to track if transcription was auto-selected

     

       264
       264
       +
       			ALTER TABLE transcriptions ADD COLUMN auto_submitted BOOLEAN DEFAULT 0;

     

       265
       265
       +
       

     

       266
       266
       +
       			-- Create votes table to track who voted for which recording

     

       267
       267
       +
       			CREATE TABLE IF NOT EXISTS recording_votes (

     

       268
       268
       +
       				id TEXT PRIMARY KEY,

     

       269
       269
       +
       				transcription_id TEXT NOT NULL,

     

       270
       270
       +
       				user_id INTEGER NOT NULL,

     

       271
       271
       +
       				created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       272
       272
       +
       				FOREIGN KEY (transcription_id) REFERENCES transcriptions(id) ON DELETE CASCADE,

     

       273
       273
       +
       				FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,

     

       274
       274
       +
       				UNIQUE(transcription_id, user_id)

     

       275
       275
       +
       			);

     

       276
       276
       +
       

     

       277
       277
       +
       			CREATE INDEX IF NOT EXISTS idx_recording_votes_transcription_id ON recording_votes(transcription_id);

     

       278
       278
       +
       			CREATE INDEX IF NOT EXISTS idx_recording_votes_user_id ON recording_votes(user_id);

     

       279
       279
       +
       		`,

     

       280
       280
       +
       	},

     

       281
       281
       +
       	{

     

       251
       282
        
       		version: 4,

     

       252
       252
       -
       		name: "Add email notification preferences",

     

       283
       283
       +
       		name: "Add recording_date to transcriptions for chronological ordering",

     

       253
       284
        
       		sql: `

     

       254
       254
       -
             ALTER TABLE users ADD COLUMN email_notifications_enabled BOOLEAN DEFAULT 1;

     

       255
       255
       -
           `,

     

       285
       285
       +
       			-- Add recording_date (timestamp when the recording was made, not uploaded)

     

       286
       286
       +
       			-- Defaults to created_at for existing records

     

       287
       287
       +
       			ALTER TABLE transcriptions ADD COLUMN recording_date INTEGER;

     

       288
       288
       +
       			

     

       289
       289
       +
       			-- Set recording_date to created_at for existing records

     

       290
       290
       +
       			UPDATE transcriptions SET recording_date = created_at WHERE recording_date IS NULL;

     

       291
       291
       +
       

     

       292
       292
       +
       			-- Create index for ordering by recording date

     

       293
       293
       +
       			CREATE INDEX IF NOT EXISTS idx_transcriptions_recording_date ON transcriptions(recording_date);

     

       294
       294
       +
       		`,

     

       256
       295
        
       	},

     

       257
       296
        
       ];

     

       258
       297

+3 -1

src/index.test.README.md

···

       55
       55
        
       - `PUT /api/passkeys/:id` - Update passkey name

     

       56
       56
        
       - `DELETE /api/passkeys/:id` - Delete passkey

     

       57
       57
        
       

     

       58
       58
       +
       ### Health Endpoint

     

       59
       59
       +
       - `GET /api/health` - Check service health (database, whisper, storage)

     

       60
       60
       +
       

     

       58
       61
        
       ### Transcription Endpoints

     

       59
       59
       -
       - `GET /api/transcriptions/health` - Check transcription service health

     

       60
       62
        
       - `GET /api/transcriptions` - List user transcriptions

     

       61
       63
        
       - `POST /api/transcriptions` - Upload audio file and start transcription

     

       62
       64
        
       - `GET /api/transcriptions/:id` - Get transcription details

+353 -747

src/index.test.ts

···

       6
       6
        
       	expect,

     

       7
       7
        
       	test,

     

       8
       8
        
       } from "bun:test";

     

       9
       9
       -
       import db from "./db/schema";

     

       9
       9
       +
       import type { Subprocess } from "bun";

     

       10
       10
        
       import { hashPasswordClient } from "./lib/client-auth";

     

       11
       11
        
       

     

       12
       12
       -
       // Test server URL - uses port 3001 for testing to avoid conflicts

     

       12
       12
       +
       // Test server configuration

     

       13
       13
        
       const TEST_PORT = 3001;

     

       14
       14
        
       const BASE_URL = `http://localhost:${TEST_PORT}`;

     

       15
       15
       +
       const TEST_DB_PATH = "./thistle.test.db";

     

       15
       16
        
       

     

       16
       16
       -
       // Check if server is available

     

       17
       17
       -
       let serverAvailable = false;

     

       17
       17
       +
       // Test server process

     

       18
       18
       +
       let serverProcess: Subprocess | null = null;

     

       18
       19
        
       

     

       19
       20
        
       beforeAll(async () => {

     

       21
       21
       +
       	// Clean up any existing test database

     

       20
       22
        
       	try {

     

       21
       21
       -
       		const response = await fetch(`${BASE_URL}/api/transcriptions/health`, {

     

       22
       22
       -
       			signal: AbortSignal.timeout(1000),

     

       23
       23
       -
       		});

     

       24
       24
       -
       		serverAvailable = response.ok || response.status === 404;

     

       23
       23
       +
       		await import("node:fs/promises").then((fs) => fs.unlink(TEST_DB_PATH));

     

       25
       24
        
       	} catch {

     

       26
       26
       -
       		console.warn(

     

       27
       27
       -
       			`\n⚠️  Test server not running on port ${TEST_PORT}. Start it with:\n   PORT=${TEST_PORT} bun run src/index.ts\n   Then run tests in another terminal.\n`,

     

       28
       28
       -
       		);

     

       29
       29
       -
       		serverAvailable = false;

     

       25
       25
       +
       		// Ignore if doesn't exist

     

       30
       26
        
       	}

     

       27
       27
       +
       

     

       28
       28
       +
       	// Start test server as subprocess

     

       29
       29
       +
       	serverProcess = Bun.spawn(["bun", "run", "src/index.ts"], {

     

       30
       30
       +
       		env: {

     

       31
       31
       +
       			...process.env,

     

       32
       32
       +
       			NODE_ENV: "test",

     

       33
       33
       +
       			PORT: TEST_PORT.toString(),

     

       34
       34
       +
       			SKIP_EMAILS: "true",

     

       35
       35
       +
       			SKIP_POLAR_SYNC: "true",

     

       36
       36
       +
       			// Dummy env vars to pass startup validation (won't be used due to SKIP_EMAILS/SKIP_POLAR_SYNC)

     

       37
       37
       +
       			MAILCHANNELS_API_KEY: "test-key",

     

       38
       38
       +
       			DKIM_PRIVATE_KEY: "test-key",

     

       39
       39
       +
       			LLM_API_KEY: "test-key",

     

       40
       40
       +
       			LLM_API_BASE_URL: "https://test.com",

     

       41
       41
       +
       			LLM_MODEL: "test-model",

     

       42
       42
       +
       			POLAR_ACCESS_TOKEN: "test-token",

     

       43
       43
       +
       			POLAR_ORGANIZATION_ID: "test-org",

     

       44
       44
       +
       			POLAR_PRODUCT_ID: "test-product",

     

       45
       45
       +
       			POLAR_SUCCESS_URL: "http://localhost:3001/success",

     

       46
       46
       +
       			POLAR_WEBHOOK_SECRET: "test-webhook-secret",

     

       47
       47
       +
       			ORIGIN: "http://localhost:3001",

     

       48
       48
       +
       		},

     

       49
       49
       +
       		stdout: "pipe",

     

       50
       50
       +
       		stderr: "pipe",

     

       51
       51
       +
       	});

     

       52
       52
       +
       

     

       53
       53
       +
       	// Log server output for debugging

     

       54
       54
       +
       	const stdoutReader = serverProcess.stdout.getReader();

     

       55
       55
       +
       	const stderrReader = serverProcess.stderr.getReader();

     

       56
       56
       +
       	const decoder = new TextDecoder();

     

       57
       57
       +
       

     

       58
       58
       +
       	(async () => {

     

       59
       59
       +
       		try {

     

       60
       60
       +
       			while (true) {

     

       61
       61
       +
       				const { value, done } = await stdoutReader.read();

     

       62
       62
       +
       				if (done) break;

     

       63
       63
       +
       				const text = decoder.decode(value);

     

       64
       64
       +
       				console.log("[SERVER OUT]", text.trim());

     

       65
       65
       +
       			}

     

       66
       66
       +
       		} catch {}

     

       67
       67
       +
       	})();

     

       68
       68
       +
       

     

       69
       69
       +
       	(async () => {

     

       70
       70
       +
       		try {

     

       71
       71
       +
       			while (true) {

     

       72
       72
       +
       				const { value, done } = await stderrReader.read();

     

       73
       73
       +
       				if (done) break;

     

       74
       74
       +
       				const text = decoder.decode(value);

     

       75
       75
       +
       				console.error("[SERVER ERR]", text.trim());

     

       76
       76
       +
       			}

     

       77
       77
       +
       		} catch {}

     

       78
       78
       +
       	})();

     

       79
       79
       +
       

     

       80
       80
       +
       	// Wait for server to be ready

     

       81
       81
       +
       	let retries = 30;

     

       82
       82
       +
       	let ready = false;

     

       83
       83
       +
       	while (retries > 0 && !ready) {

     

       84
       84
       +
       		try {

     

       85
       85
       +
       			const response = await fetch(`${BASE_URL}/api/health`, {

     

       86
       86
       +
       				signal: AbortSignal.timeout(1000),

     

       87
       87
       +
       			});

     

       88
       88
       +
       			if (response.ok) {

     

       89
       89
       +
       				ready = true;

     

       90
       90
       +
       				break;

     

       91
       91
       +
       			}

     

       92
       92
       +
       		} catch {

     

       93
       93
       +
       			// Server not ready yet

     

       94
       94
       +
       		}

     

       95
       95
       +
       		await new Promise((resolve) => setTimeout(resolve, 500));

     

       96
       96
       +
       		retries--;

     

       97
       97
       +
       	}

     

       98
       98
       +
       

     

       99
       99
       +
       	if (!ready) {

     

       100
       100
       +
       		throw new Error("Test server failed to start within 15 seconds");

     

       101
       101
       +
       	}

     

       102
       102
       +
       

     

       103
       103
       +
       	console.log(`✓ Test server running on port ${TEST_PORT}`);

     

       104
       104
       +
       });

     

       105
       105
       +
       

     

       106
       106
       +
       afterAll(async () => {

     

       107
       107
       +
       	// Kill test server

     

       108
       108
       +
       	if (serverProcess) {

     

       109
       109
       +
       		serverProcess.kill();

     

       110
       110
       +
       		await new Promise((resolve) => setTimeout(resolve, 1000));

     

       111
       111
       +
       	}

     

       112
       112
       +
       

     

       113
       113
       +
       	// Clean up test database

     

       114
       114
       +
       	try {

     

       115
       115
       +
       		await import("node:fs/promises").then((fs) => fs.unlink(TEST_DB_PATH));

     

       116
       116
       +
       	} catch {

     

       117
       117
       +
       		// Ignore if doesn't exist

     

       118
       118
       +
       	}

     

       119
       119
       +
       

     

       120
       120
       +
       	console.log("✓ Test server stopped and test database cleaned up");

     

       121
       121
       +
       });

     

       122
       122
       +
       

     

       123
       123
       +
       // Clear database between each test

     

       124
       124
       +
       beforeEach(async () => {

     

       125
       125
       +
       	const db = require("bun:sqlite").Database.open(TEST_DB_PATH);

     

       126
       126
       +
       

     

       127
       127
       +
       	// Delete all data from tables (preserve schema)

     

       128
       128
       +
       	db.run("DELETE FROM rate_limit_attempts");

     

       129
       129
       +
       	db.run("DELETE FROM email_change_tokens");

     

       130
       130
       +
       	db.run("DELETE FROM password_reset_tokens");

     

       131
       131
       +
       	db.run("DELETE FROM email_verification_tokens");

     

       132
       132
       +
       	db.run("DELETE FROM passkeys");

     

       133
       133
       +
       	db.run("DELETE FROM sessions");

     

       134
       134
       +
       	db.run("DELETE FROM subscriptions");

     

       135
       135
       +
       	db.run("DELETE FROM transcriptions");

     

       136
       136
       +
       	db.run("DELETE FROM class_members");

     

       137
       137
       +
       	db.run("DELETE FROM meeting_times");

     

       138
       138
       +
       	db.run("DELETE FROM classes");

     

       139
       139
       +
       	db.run("DELETE FROM class_waitlist");

     

       140
       140
       +
       	db.run("DELETE FROM users WHERE id != 0"); // Keep ghost user

     

       141
       141
       +
       

     

       142
       142
       +
       	db.close();

     

       31
       143
        
       });

     

       32
       144
        
       

     

       33
       145
        
       // Test user credentials

     
···

       81
       193
        
       	});

     

       82
       194
        
       }

     

       83
       195
        
       

     

       84
       84
       -
       // Cleanup helpers

     

       85
       85
       -
       function cleanupTestData() {

     

       86
       86
       -
       	// Delete test users and their related data (cascade will handle most of it)

     

       87
       87
       -
       	// Include 'newemail%' to catch users whose emails were updated during tests

     

       88
       88
       -
       	db.run(

     

       89
       89
       -
       		"DELETE FROM sessions WHERE user_id IN (SELECT id FROM users WHERE email LIKE 'test%' OR email LIKE 'admin@%' OR email LIKE 'newemail%')",

     

       90
       90
       -
       	);

     

       91
       91
       -
       	db.run(

     

       92
       92
       -
       		"DELETE FROM passkeys WHERE user_id IN (SELECT id FROM users WHERE email LIKE 'test%' OR email LIKE 'admin@%' OR email LIKE 'newemail%')",

     

       93
       93
       -
       	);

     

       94
       94
       -
       	db.run(

     

       95
       95
       -
       		"DELETE FROM transcriptions WHERE user_id IN (SELECT id FROM users WHERE email LIKE 'test%' OR email LIKE 'admin@%' OR email LIKE 'newemail%')",

     

       96
       96
       -
       	);

     

       97
       97
       -
       	db.run(

     

       98
       98
       -
       		"DELETE FROM users WHERE email LIKE 'test%' OR email LIKE 'admin@%' OR email LIKE 'newemail%'",

     

       99
       99
       -
       	);

     

       196
       196
       +
       // Helper to register a user, verify email, and get session via login

     

       197
       197
       +
       async function registerAndLogin(user: {

     

       198
       198
       +
       	email: string;

     

       199
       199
       +
       	password: string;

     

       200
       200
       +
       	name?: string;

     

       201
       201
       +
       }): Promise<string> {

     

       202
       202
       +
       	const hashedPassword = await clientHashPassword(user.email, user.password);

     

       203
       203
       +
       

     

       204
       204
       +
       	// Register the user

     

       205
       205
       +
       	const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       206
       206
       +
       		method: "POST",

     

       207
       207
       +
       		headers: { "Content-Type": "application/json" },

     

       208
       208
       +
       		body: JSON.stringify({

     

       209
       209
       +
       			email: user.email,

     

       210
       210
       +
       			password: hashedPassword,

     

       211
       211
       +
       			name: user.name || "Test User",

     

       212
       212
       +
       		}),

     

       213
       213
       +
       	});

     

       214
       214
       +
       

     

       215
       215
       +
       	if (registerResponse.status !== 201) {

     

       216
       216
       +
       		const error = await registerResponse.json();

     

       217
       217
       +
       		throw new Error(`Registration failed: ${JSON.stringify(error)}`);

     

       218
       218
       +
       	}

     

       219
       219
       +
       

     

       220
       220
       +
       	const registerData = await registerResponse.json();

     

       221
       221
       +
       	const userId = registerData.user.id;

     

       222
       222
       +
       

     

       223
       223
       +
       	// Mark email as verified directly in the database (test mode)

     

       224
       224
       +
       	const db = require("bun:sqlite").Database.open(TEST_DB_PATH);

     

       225
       225
       +
       	db.run("UPDATE users SET email_verified = 1 WHERE id = ?", [userId]);

     

       226
       226
       +
       	db.close();

     

       100
       227
        
       

     

       101
       101
       -
       	// Clear ALL rate limit data to prevent accumulation across tests

     

       102
       102
       -
       	// (IP-based rate limits don't contain test/admin in the key)

     

       103
       103
       -
       	db.run("DELETE FROM rate_limit_attempts");

     

       104
       104
       -
       }

     

       228
       228
       +
       	// Now login to get a session

     

       229
       229
       +
       	const loginResponse = await fetch(`${BASE_URL}/api/auth/login`, {

     

       230
       230
       +
       		method: "POST",

     

       231
       231
       +
       		headers: { "Content-Type": "application/json" },

     

       232
       232
       +
       		body: JSON.stringify({

     

       233
       233
       +
       			email: user.email,

     

       234
       234
       +
       			password: hashedPassword,

     

       235
       235
       +
       		}),

     

       236
       236
       +
       	});

     

       105
       237
        
       

     

       106
       106
       -
       beforeEach(() => {

     

       107
       107
       -
       	if (serverAvailable) {

     

       108
       108
       -
       		cleanupTestData();

     

       238
       238
       +
       	if (loginResponse.status !== 200) {

     

       239
       239
       +
       		const error = await loginResponse.json();

     

       240
       240
       +
       		throw new Error(`Login failed: ${JSON.stringify(error)}`);

     

       109
       241
        
       	}

     

       110
       110
       -
       });

     

       111
       242
        
       

     

       112
       112
       -
       afterAll(() => {

     

       113
       113
       -
       	if (serverAvailable) {

     

       114
       114
       -
       		cleanupTestData();

     

       243
       243
       +
       	return extractSessionCookie(loginResponse);

     

       244
       244
       +
       }

     

       245
       245
       +
       

     

       246
       246
       +
       // Helper to add active subscription to a user

     

       247
       247
       +
       function addSubscription(userEmail: string): void {

     

       248
       248
       +
       	const db = require("bun:sqlite").Database.open(TEST_DB_PATH);

     

       249
       249
       +
       	const user = db

     

       250
       250
       +
       		.query("SELECT id FROM users WHERE email = ?")

     

       251
       251
       +
       		.get(userEmail) as { id: number };

     

       252
       252
       +
       	if (!user) {

     

       253
       253
       +
       		db.close();

     

       254
       254
       +
       		throw new Error(`User ${userEmail} not found`);

     

       115
       255
        
       	}

     

       116
       116
       -
       });

     

       117
       256
        
       

     

       118
       118
       -
       // Helper to skip tests if server is not available

     

       119
       119
       -
       function serverTest(name: string, fn: () => void | Promise<void>) {

     

       120
       120
       -
       	test(name, async () => {

     

       121
       121
       -
       		if (!serverAvailable) {

     

       122
       122
       -
       			console.log(`⏭️  Skipping: ${name} (server not running)`);

     

       123
       123
       -
       			return;

     

       124
       124
       -
       		}

     

       125
       125
       -
       		await fn();

     

       126
       126
       -
       	});

     

       257
       257
       +
       	db.run(

     

       258
       258
       +
       		"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       259
       259
       +
       		[`test-sub-${user.id}`, user.id, `test-customer-${user.id}`, "active"],

     

       260
       260
       +
       	);

     

       261
       261
       +
       	db.close();

     

       127
       262
        
       }

     

       128
       263
        
       

     

       264
       264
       +
       // All tests run against a fresh database, no cleanup needed

     

       265
       265
       +
       

     

       129
       266
        
       describe("API Endpoints - Authentication", () => {

     

       130
       267
        
       	describe("POST /api/auth/register", () => {

     

       131
       131
       -
       		serverTest("should register a new user successfully", async () => {

     

       268
       268
       +
       		test("should register a new user successfully", async () => {

     

       132
       269
        
       			const hashedPassword = await clientHashPassword(

     

       133
       270
        
       				TEST_USER.email,

     

       134
       271
        
       				TEST_USER.password,

     
···

       144
       281
        
       				}),

     

       145
       282
        
       			});

     

       146
       283
        
       

     

       147
       147
       -
       			expect(response.status).toBe(200);

     

       284
       284
       +
       			if (response.status !== 201) {

     

       285
       285
       +
       				const error = await response.json();

     

       286
       286
       +
       				console.error("Registration failed:", response.status, error);

     

       287
       287
       +
       			}

     

       288
       288
       +
       

     

       289
       289
       +
       			expect(response.status).toBe(201);

     

       290
       290
       +
       

     

       148
       291
        
       			const data = await response.json();

     

       149
       292
        
       			expect(data.user).toBeDefined();

     

       150
       293
        
       			expect(data.user.email).toBe(TEST_USER.email);

     

       151
       151
       -
       			expect(extractSessionCookie(response)).toBeTruthy();

     

       294
       294
       +
       			expect(data.email_verification_required).toBe(true);

     

       152
       295
        
       		});

     

       153
       296
        
       

     

       154
       154
       -
       		serverTest("should reject registration with missing email", async () => {

     

       297
       297
       +
       		test("should reject registration with missing email", async () => {

     

       155
       298
        
       			const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       156
       299
        
       				method: "POST",

     

       157
       300
        
       				headers: { "Content-Type": "application/json" },

     
···

       165
       308
        
       			expect(data.error).toBe("Email and password required");

     

       166
       309
        
       		});

     

       167
       310
        
       

     

       168
       168
       -
       		serverTest(

     

       169
       169
       -
       			"should reject registration with invalid password format",

     

       170
       170
       -
       			async () => {

     

       171
       171
       -
       				const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       172
       172
       -
       					method: "POST",

     

       173
       173
       -
       					headers: { "Content-Type": "application/json" },

     

       174
       174
       -
       					body: JSON.stringify({

     

       175
       175
       -
       						email: TEST_USER.email,

     

       176
       176
       -
       						password: "short",

     

       177
       177
       -
       					}),

     

       178
       178
       -
       				});

     

       179
       179
       -
       

     

       180
       180
       -
       				expect(response.status).toBe(400);

     

       181
       181
       -
       				const data = await response.json();

     

       182
       182
       -
       				expect(data.error).toBe("Invalid password format");

     

       183
       183
       -
       			},

     

       184
       184
       -
       		);

     

       185
       185
       -
       

     

       186
       186
       -
       		serverTest("should reject duplicate email registration", async () => {

     

       187
       187
       -
       			const hashedPassword = await clientHashPassword(

     

       188
       188
       -
       				TEST_USER.email,

     

       189
       189
       -
       				TEST_USER.password,

     

       190
       190
       -
       			);

     

       191
       191
       -
       

     

       192
       192
       -
       			// First registration

     

       193
       193
       -
       			await fetch(`${BASE_URL}/api/auth/register`, {

     

       194
       194
       -
       				method: "POST",

     

       195
       195
       -
       				headers: { "Content-Type": "application/json" },

     

       196
       196
       -
       				body: JSON.stringify({

     

       197
       197
       -
       					email: TEST_USER.email,

     

       198
       198
       -
       					password: hashedPassword,

     

       199
       199
       -
       					name: TEST_USER.name,

     

       200
       200
       -
       				}),

     

       201
       201
       -
       			});

     

       202
       202
       -
       

     

       203
       203
       -
       			// Duplicate registration

     

       311
       311
       +
       		test("should reject registration with invalid password format", async () => {

     

       204
       312
        
       			const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       205
       313
        
       				method: "POST",

     

       206
       314
        
       				headers: { "Content-Type": "application/json" },

     

       207
       315
        
       				body: JSON.stringify({

     

       208
       316
        
       					email: TEST_USER.email,

     

       209
       209
       -
       					password: hashedPassword,

     

       210
       210
       -
       					name: TEST_USER.name,

     

       317
       317
       +
       					password: "short",

     

       211
       318
        
       				}),

     

       212
       319
        
       			});

     

       213
       320
        
       

     

       214
       321
        
       			expect(response.status).toBe(400);

     

       215
       322
        
       			const data = await response.json();

     

       216
       216
       -
       			expect(data.error).toBe("Email already registered");

     

       323
       323
       +
       			expect(data.error).toBe("Invalid password format");

     

       217
       324
        
       		});

     

       218
       325
        
       

     

       219
       219
       -
       		serverTest("should enforce rate limiting on registration", async () => {

     

       220
       220
       -
       			const hashedPassword = await clientHashPassword(

     

       221
       221
       -
       				"test@example.com",

     

       222
       222
       -
       				"password",

     

       223
       223
       -
       			);

     

       224
       224
       -
       

     

       225
       225
       -
       			// Make registration attempts until rate limit is hit (limit is 5 per hour)

     

       226
       226
       -
       			let rateLimitHit = false;

     

       227
       227
       -
       			for (let i = 0; i < 10; i++) {

     

       228
       228
       -
       				const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       229
       229
       -
       					method: "POST",

     

       230
       230
       -
       					headers: { "Content-Type": "application/json" },

     

       231
       231
       -
       					body: JSON.stringify({

     

       232
       232
       -
       						email: `test${i}@example.com`,

     

       233
       233
       -
       						password: hashedPassword,

     

       234
       234
       -
       					}),

     

       235
       235
       -
       				});

     

       236
       236
       -
       

     

       237
       237
       -
       				if (response.status === 429) {

     

       238
       238
       -
       					rateLimitHit = true;

     

       239
       239
       -
       					break;

     

       240
       240
       -
       				}

     

       241
       241
       -
       			}

     

       242
       242
       -
       

     

       243
       243
       -
       			// Verify that rate limiting was triggered

     

       244
       244
       -
       			expect(rateLimitHit).toBe(true);

     

       245
       245
       -
       		});

     

       246
       246
       -
       	});

     

       247
       247
       -
       

     

       248
       248
       -
       	describe("POST /api/auth/login", () => {

     

       249
       249
       -
       		serverTest("should login successfully with valid credentials", async () => {

     

       250
       250
       -
       			// Register user first

     

       326
       326
       +
       		test("should reject duplicate email registration", async () => {

     

       251
       327
        
       			const hashedPassword = await clientHashPassword(

     

       252
       328
        
       				TEST_USER.email,

     

       253
       329
        
       				TEST_USER.password,

     

       254
       330
        
       			);

     

       331
       331
       +
       

     

       332
       332
       +
       			// First registration

     

       255
       333
        
       			await fetch(`${BASE_URL}/api/auth/register`, {

     

       256
       334
        
       				method: "POST",

     

       257
       335
        
       				headers: { "Content-Type": "application/json" },

     
···

       262
       340
        
       				}),

     

       263
       341
        
       			});

     

       264
       342
        
       

     

       265
       265
       -
       			// Login

     

       266
       266
       -
       			const response = await fetch(`${BASE_URL}/api/auth/login`, {

     

       343
       343
       +
       			// Duplicate registration

     

       344
       344
       +
       			const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       267
       345
        
       				method: "POST",

     

       268
       346
        
       				headers: { "Content-Type": "application/json" },

     

       269
       347
        
       				body: JSON.stringify({

     

       270
       348
        
       					email: TEST_USER.email,

     

       271
       349
        
       					password: hashedPassword,

     

       350
       350
       +
       					name: TEST_USER.name,

     

       272
       351
        
       				}),

     

       273
       352
        
       			});

     

       274
       353
        
       

     

       275
       275
       -
       			expect(response.status).toBe(200);

     

       354
       354
       +
       			expect(response.status).toBe(409);

     

       276
       355
        
       			const data = await response.json();

     

       277
       277
       -
       			expect(data.user).toBeDefined();

     

       278
       278
       -
       			expect(data.user.email).toBe(TEST_USER.email);

     

       279
       279
       -
       			expect(extractSessionCookie(response)).toBeTruthy();

     

       356
       356
       +
       			expect(data.error).toBe("Email already registered");

     

       280
       357
        
       		});

     

       281
       358
        
       

     

       282
       282
       -
       		serverTest("should reject login with invalid credentials", async () => {

     

       283
       283
       -
       			// Register user first

     

       359
       359
       +
       		test("should enforce rate limiting on registration", async () => {

     

       284
       360
        
       			const hashedPassword = await clientHashPassword(

     

       285
       285
       -
       				TEST_USER.email,

     

       286
       286
       -
       				TEST_USER.password,

     

       361
       361
       +
       				"ratelimit@example.com",

     

       362
       362
       +
       				"password",

     

       287
       363
        
       			);

     

       364
       364
       +
       

     

       365
       365
       +
       			// First registration succeeds

     

       288
       366
        
       			await fetch(`${BASE_URL}/api/auth/register`, {

     

       289
       367
        
       				method: "POST",

     

       290
       368
        
       				headers: { "Content-Type": "application/json" },

     

       291
       369
        
       				body: JSON.stringify({

     

       292
       292
       -
       					email: TEST_USER.email,

     

       370
       370
       +
       					email: "ratelimit@example.com",

     

       293
       371
        
       					password: hashedPassword,

     

       294
       372
        
       				}),

     

       295
       373
        
       			});

     

       296
       374
        
       

     

       297
       297
       -
       			// Login with wrong password

     

       298
       298
       -
       			const wrongPassword = await clientHashPassword(

     

       299
       299
       -
       				TEST_USER.email,

     

       300
       300
       -
       				"WrongPassword123!",

     

       301
       301
       -
       			);

     

       302
       302
       -
       			const response = await fetch(`${BASE_URL}/api/auth/login`, {

     

       303
       303
       -
       				method: "POST",

     

       304
       304
       -
       				headers: { "Content-Type": "application/json" },

     

       305
       305
       -
       				body: JSON.stringify({

     

       306
       306
       -
       					email: TEST_USER.email,

     

       307
       307
       -
       					password: wrongPassword,

     

       308
       308
       -
       				}),

     

       309
       309
       -
       			});

     

       310
       310
       -
       

     

       311
       311
       -
       			expect(response.status).toBe(401);

     

       312
       312
       -
       			const data = await response.json();

     

       313
       313
       -
       			expect(data.error).toBe("Invalid email or password");

     

       314
       314
       -
       		});

     

       315
       315
       -
       

     

       316
       316
       -
       		serverTest("should reject login with missing fields", async () => {

     

       317
       317
       -
       			const response = await fetch(`${BASE_URL}/api/auth/login`, {

     

       318
       318
       -
       				method: "POST",

     

       319
       319
       -
       				headers: { "Content-Type": "application/json" },

     

       320
       320
       -
       				body: JSON.stringify({

     

       321
       321
       -
       					email: TEST_USER.email,

     

       322
       322
       -
       				}),

     

       323
       323
       -
       			});

     

       324
       324
       -
       

     

       325
       325
       -
       			expect(response.status).toBe(400);

     

       326
       326
       -
       			const data = await response.json();

     

       327
       327
       -
       			expect(data.error).toBe("Email and password required");

     

       328
       328
       -
       		});

     

       329
       329
       -
       

     

       330
       330
       -
       		serverTest("should enforce rate limiting on login attempts", async () => {

     

       331
       331
       -
       			const hashedPassword = await clientHashPassword(

     

       332
       332
       -
       				TEST_USER.email,

     

       333
       333
       -
       				TEST_USER.password,

     

       334
       334
       -
       			);

     

       335
       335
       -
       

     

       336
       336
       -
       			// Make 11 login attempts (limit is 10 per 15 minutes per IP)

     

       375
       375
       +
       			// Try to register same email 10 more times (will fail with 400 but count toward rate limit)

     

       376
       376
       +
       			// Rate limit is 5 per 30 min from same IP

     

       337
       377
        
       			let rateLimitHit = false;

     

       338
       338
       -
       			for (let i = 0; i < 11; i++) {

     

       339
       339
       -
       				const response = await fetch(`${BASE_URL}/api/auth/login`, {

     

       378
       378
       +
       			for (let i = 0; i < 10; i++) {

     

       379
       379
       +
       				const response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       340
       380
        
       					method: "POST",

     

       341
       381
        
       					headers: { "Content-Type": "application/json" },

     

       342
       382
        
       					body: JSON.stringify({

     

       343
       343
       -
       						email: TEST_USER.email,

     

       383
       383
       +
       						email: "ratelimit@example.com",

     

       344
       384
        
       						password: hashedPassword,

     

       345
       385
        
       					}),

     

       346
       386
        
       				});

     
···

       356
       396
        
       		});

     

       357
       397
        
       	});

     

       358
       398
        
       

     

       359
       359
       -
       	describe("POST /api/auth/logout", () => {

     

       360
       360
       -
       		serverTest("should logout successfully", async () => {

     

       399
       399
       +
       	describe("POST /api/auth/login", () => {

     

       400
       400
       +
       		test("should login successfully with valid credentials", async () => {

     

       361
       401
        
       			// Register and login

     

       362
       362
       -
       			const hashedPassword = await clientHashPassword(

     

       363
       363
       -
       				TEST_USER.email,

     

       364
       364
       -
       				TEST_USER.password,

     

       365
       365
       -
       			);

     

       366
       366
       -
       			const loginResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       367
       367
       -
       				method: "POST",

     

       368
       368
       -
       				headers: { "Content-Type": "application/json" },

     

       369
       369
       -
       				body: JSON.stringify({

     

       370
       370
       -
       					email: TEST_USER.email,

     

       371
       371
       -
       					password: hashedPassword,

     

       372
       372
       -
       				}),

     

       373
       373
       -
       			});

     

       374
       374
       -
       			const sessionCookie = extractSessionCookie(loginResponse);

     

       375
       375
       -
       

     

       376
       376
       -
       			// Logout

     

       377
       377
       -
       			const response = await authRequest(

     

       378
       378
       -
       				`${BASE_URL}/api/auth/logout`,

     

       379
       379
       -
       				sessionCookie,

     

       380
       380
       -
       				{

     

       381
       381
       -
       					method: "POST",

     

       382
       382
       -
       				},

     

       383
       383
       -
       			);

     

       384
       384
       -
       

     

       385
       385
       -
       			expect(response.status).toBe(200);

     

       386
       386
       -
       			const data = await response.json();

     

       387
       387
       -
       			expect(data.success).toBe(true);

     

       388
       388
       -
       

     

       389
       389
       -
       			// Verify cookie is cleared

     

       390
       390
       -
       			const setCookie = response.headers.get("set-cookie");

     

       391
       391
       -
       			expect(setCookie).toContain("Max-Age=0");

     

       392
       392
       -
       		});

     

       393
       393
       -
       

     

       394
       394
       -
       		serverTest("should logout even without valid session", async () => {

     

       395
       395
       -
       			const response = await fetch(`${BASE_URL}/api/auth/logout`, {

     

       396
       396
       -
       				method: "POST",

     

       397
       397
       -
       			});

     

       398
       398
       -
       

     

       399
       399
       -
       			expect(response.status).toBe(200);

     

       400
       400
       -
       			const data = await response.json();

     

       401
       401
       -
       			expect(data.success).toBe(true);

     

       402
       402
       -
       		});

     

       403
       403
       -
       	});

     

       404
       404
       -
       

     

       405
       405
       -
       	describe("GET /api/auth/me", () => {

     

       406
       406
       -
       		serverTest(

     

       407
       407
       -
       			"should return current user info when authenticated",

     

       408
       408
       -
       			async () => {

     

       409
       409
       -
       				// Register user

     

       410
       410
       -
       				const hashedPassword = await clientHashPassword(

     

       411
       411
       -
       					TEST_USER.email,

     

       412
       412
       -
       					TEST_USER.password,

     

       413
       413
       -
       				);

     

       414
       414
       -
       				const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       415
       415
       -
       					method: "POST",

     

       416
       416
       -
       					headers: { "Content-Type": "application/json" },

     

       417
       417
       -
       					body: JSON.stringify({

     

       418
       418
       -
       						email: TEST_USER.email,

     

       419
       419
       -
       						password: hashedPassword,

     

       420
       420
       -
       						name: TEST_USER.name,

     

       421
       421
       -
       					}),

     

       422
       422
       -
       				});

     

       423
       423
       -
       				const sessionCookie = extractSessionCookie(registerResponse);

     

       424
       424
       -
       

     

       425
       425
       -
       				// Get current user

     

       426
       426
       -
       				const response = await authRequest(

     

       427
       427
       -
       					`${BASE_URL}/api/auth/me`,

     

       428
       428
       -
       					sessionCookie,

     

       429
       429
       -
       				);

     

       430
       430
       -
       

     

       431
       431
       -
       				expect(response.status).toBe(200);

     

       432
       432
       -
       				const data = await response.json();

     

       433
       433
       -
       				expect(data.email).toBe(TEST_USER.email);

     

       434
       434
       -
       				expect(data.name).toBe(TEST_USER.name);

     

       435
       435
       -
       				expect(data.role).toBeDefined();

     

       436
       436
       -
       			},

     

       437
       437
       -
       		);

     

       438
       438
       -
       

     

       439
       439
       -
       		serverTest("should return 401 when not authenticated", async () => {

     

       440
       440
       -
       			const response = await fetch(`${BASE_URL}/api/auth/me`);

     

       441
       441
       -
       

     

       442
       442
       -
       			expect(response.status).toBe(401);

     

       443
       443
       -
       			const data = await response.json();

     

       444
       444
       -
       			expect(data.error).toBe("Not authenticated");

     

       445
       445
       -
       		});

     

       446
       446
       -
       

     

       447
       447
       -
       		serverTest("should return 401 with invalid session", async () => {

     

       448
       448
       -
       			const response = await authRequest(

     

       449
       449
       -
       				`${BASE_URL}/api/auth/me`,

     

       450
       450
       -
       				"invalid-session",

     

       451
       451
       -
       			);

     

       452
       452
       -
       

     

       453
       453
       -
       			expect(response.status).toBe(401);

     

       454
       454
       -
       			const data = await response.json();

     

       455
       455
       -
       			expect(data.error).toBe("Invalid session");

     

       456
       456
       -
       		});

     

       457
       457
       -
       	});

     

       458
       458
       -
       });

     

       459
       459
       -
       

     

       460
       460
       -
       describe("API Endpoints - Session Management", () => {

     

       461
       461
       -
       	describe("GET /api/sessions", () => {

     

       462
       462
       -
       		serverTest("should return user sessions", async () => {

     

       463
       463
       -
       			// Register user

     

       464
       464
       -
       			const hashedPassword = await clientHashPassword(

     

       465
       465
       -
       				TEST_USER.email,

     

       466
       466
       -
       				TEST_USER.password,

     

       467
       467
       -
       			);

     

       468
       468
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       469
       469
       -
       				method: "POST",

     

       470
       470
       -
       				headers: { "Content-Type": "application/json" },

     

       471
       471
       -
       				body: JSON.stringify({

     

       472
       472
       -
       					email: TEST_USER.email,

     

       473
       473
       -
       					password: hashedPassword,

     

       474
       474
       -
       				}),

     

       475
       475
       -
       			});

     

       476
       476
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       477
       477
       -
       

     

       478
       478
       -
       			// Get sessions

     

       479
       479
       -
       			const response = await authRequest(

     

       480
       480
       -
       				`${BASE_URL}/api/sessions`,

     

       481
       481
       -
       				sessionCookie,

     

       482
       482
       -
       			);

     

       483
       483
       -
       

     

       484
       484
       -
       			expect(response.status).toBe(200);

     

       485
       485
       -
       			const data = await response.json();

     

       486
       486
       -
       			expect(data.sessions).toBeDefined();

     

       487
       487
       -
       			expect(data.sessions.length).toBeGreaterThan(0);

     

       488
       488
       -
       			expect(data.sessions[0]).toHaveProperty("id");

     

       489
       489
       -
       			expect(data.sessions[0]).toHaveProperty("ip_address");

     

       490
       490
       -
       			expect(data.sessions[0]).toHaveProperty("user_agent");

     

       491
       491
       -
       		});

     

       492
       492
       -
       

     

       493
       493
       -
       		serverTest("should require authentication", async () => {

     

       494
       494
       -
       			const response = await fetch(`${BASE_URL}/api/sessions`);

     

       495
       495
       -
       

     

       496
       496
       -
       			expect(response.status).toBe(401);

     

       497
       497
       -
       		});

     

       498
       498
       -
       	});

     

       499
       499
       -
       

     

       500
       500
       -
       	describe("DELETE /api/sessions", () => {

     

       501
       501
       -
       		serverTest("should delete specific session", async () => {

     

       502
       502
       -
       			// Register user and create multiple sessions

     

       503
       503
       -
       			const hashedPassword = await clientHashPassword(

     

       504
       504
       -
       				TEST_USER.email,

     

       505
       505
       -
       				TEST_USER.password,

     

       506
       506
       -
       			);

     

       507
       507
       -
       			const session1Response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       508
       508
       -
       				method: "POST",

     

       509
       509
       -
       				headers: { "Content-Type": "application/json" },

     

       510
       510
       -
       				body: JSON.stringify({

     

       511
       511
       -
       					email: TEST_USER.email,

     

       512
       512
       -
       					password: hashedPassword,

     

       513
       513
       -
       				}),

     

       514
       514
       -
       			});

     

       515
       515
       -
       			const session1Cookie = extractSessionCookie(session1Response);

     

       516
       516
       -
       

     

       517
       517
       -
       			const session2Response = await fetch(`${BASE_URL}/api/auth/login`, {

     

       518
       518
       -
       				method: "POST",

     

       519
       519
       -
       				headers: { "Content-Type": "application/json" },

     

       520
       520
       -
       				body: JSON.stringify({

     

       521
       521
       -
       					email: TEST_USER.email,

     

       522
       522
       -
       					password: hashedPassword,

     

       523
       523
       -
       				}),

     

       524
       524
       -
       			});

     

       525
       525
       -
       			const session2Cookie = extractSessionCookie(session2Response);

     

       526
       526
       -
       

     

       527
       527
       -
       			// Get sessions list

     

       528
       528
       -
       			const sessionsResponse = await authRequest(

     

       529
       529
       -
       				`${BASE_URL}/api/sessions`,

     

       530
       530
       -
       				session1Cookie,

     

       531
       531
       -
       			);

     

       532
       532
       -
       			const sessionsData = await sessionsResponse.json();

     

       533
       533
       -
       			const targetSessionId = sessionsData.sessions.find(

     

       534
       534
       -
       				(s: { id: string }) => s.id === session2Cookie,

     

       535
       535
       -
       			)?.id;

     

       536
       536
       -
       

     

       537
       537
       -
       			// Delete session 2

     

       538
       538
       -
       			const response = await authRequest(

     

       539
       539
       -
       				`${BASE_URL}/api/sessions`,

     

       540
       540
       -
       				session1Cookie,

     

       541
       541
       -
       				{

     

       542
       542
       -
       					method: "DELETE",

     

       543
       543
       -
       					headers: { "Content-Type": "application/json" },

     

       544
       544
       -
       					body: JSON.stringify({ sessionId: targetSessionId }),

     

       545
       545
       -
       				},

     

       546
       546
       -
       			);

     

       547
       547
       -
       

     

       548
       548
       -
       			expect(response.status).toBe(200);

     

       549
       549
       -
       			const data = await response.json();

     

       550
       550
       -
       			expect(data.success).toBe(true);

     

       551
       551
       -
       

     

       552
       552
       -
       			// Verify session 2 is deleted

     

       553
       553
       -
       			const verifyResponse = await authRequest(

     

       554
       554
       -
       				`${BASE_URL}/api/auth/me`,

     

       555
       555
       -
       				session2Cookie,

     

       556
       556
       -
       			);

     

       557
       557
       -
       			expect(verifyResponse.status).toBe(401);

     

       558
       558
       -
       		});

     

       559
       559
       -
       

     

       560
       560
       -
       		serverTest("should not delete another user's session", async () => {

     

       561
       561
       -
       			// Register two users

     

       562
       562
       -
       			const hashedPassword1 = await clientHashPassword(

     

       563
       563
       -
       				TEST_USER.email,

     

       564
       564
       -
       				TEST_USER.password,

     

       565
       565
       -
       			);

     

       566
       566
       -
       			const user1Response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       567
       567
       -
       				method: "POST",

     

       568
       568
       -
       				headers: { "Content-Type": "application/json" },

     

       569
       569
       -
       				body: JSON.stringify({

     

       570
       570
       -
       					email: TEST_USER.email,

     

       571
       571
       -
       					password: hashedPassword1,

     

       572
       572
       -
       				}),

     

       573
       573
       -
       			});

     

       574
       574
       -
       			const user1Cookie = extractSessionCookie(user1Response);

     

       575
       575
       -
       

     

       576
       576
       -
       			const hashedPassword2 = await clientHashPassword(

     

       577
       577
       -
       				TEST_USER_2.email,

     

       578
       578
       -
       				TEST_USER_2.password,

     

       579
       579
       -
       			);

     

       580
       580
       -
       			const user2Response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       581
       581
       -
       				method: "POST",

     

       582
       582
       -
       				headers: { "Content-Type": "application/json" },

     

       583
       583
       -
       				body: JSON.stringify({

     

       584
       584
       -
       					email: TEST_USER_2.email,

     

       585
       585
       -
       					password: hashedPassword2,

     

       586
       586
       -
       				}),

     

       587
       587
       -
       			});

     

       588
       588
       -
       			const user2Cookie = extractSessionCookie(user2Response);

     

       589
       589
       -
       

     

       590
       590
       -
       			// Try to delete user2's session using user1's credentials

     

       591
       591
       -
       			const response = await authRequest(

     

       592
       592
       -
       				`${BASE_URL}/api/sessions`,

     

       593
       593
       -
       				user1Cookie,

     

       594
       594
       -
       				{

     

       595
       595
       -
       					method: "DELETE",

     

       596
       596
       -
       					headers: { "Content-Type": "application/json" },

     

       597
       597
       -
       					body: JSON.stringify({ sessionId: user2Cookie }),

     

       598
       598
       -
       				},

     

       599
       599
       -
       			);

     

       600
       600
       -
       

     

       601
       601
       -
       			expect(response.status).toBe(404);

     

       602
       602
       -
       		});

     

       603
       603
       -
       

     

       604
       604
       -
       		serverTest("should not delete current session", async () => {

     

       605
       605
       -
       			// Register user

     

       606
       606
       -
       			const hashedPassword = await clientHashPassword(

     

       607
       607
       -
       				TEST_USER.email,

     

       608
       608
       -
       				TEST_USER.password,

     

       609
       609
       -
       			);

     

       610
       610
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       611
       611
       -
       				method: "POST",

     

       612
       612
       -
       				headers: { "Content-Type": "application/json" },

     

       613
       613
       -
       				body: JSON.stringify({

     

       614
       614
       -
       					email: TEST_USER.email,

     

       615
       615
       -
       					password: hashedPassword,

     

       616
       616
       -
       				}),

     

       617
       617
       -
       			});

     

       618
       618
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       402
       402
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       619
       403
        
       

     

       620
       404
        
       			// Try to delete own current session

     

       621
       405
        
       			const response = await authRequest(

     
···

       637
       421
        
       

     

       638
       422
        
       describe("API Endpoints - User Management", () => {

     

       639
       423
        
       	describe("DELETE /api/user", () => {

     

       640
       640
       -
       		serverTest("should delete user account", async () => {

     

       641
       641
       -
       			// Register user

     

       642
       642
       -
       			const hashedPassword = await clientHashPassword(

     

       643
       643
       -
       				TEST_USER.email,

     

       644
       644
       -
       				TEST_USER.password,

     

       645
       645
       -
       			);

     

       646
       646
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       647
       647
       -
       				method: "POST",

     

       648
       648
       -
       				headers: { "Content-Type": "application/json" },

     

       649
       649
       -
       				body: JSON.stringify({

     

       650
       650
       -
       					email: TEST_USER.email,

     

       651
       651
       -
       					password: hashedPassword,

     

       652
       652
       -
       				}),

     

       653
       653
       -
       			});

     

       654
       654
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       424
       424
       +
       		test("should delete user account", async () => {

     

       425
       425
       +
       			// Register and login

     

       426
       426
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       655
       427
        
       

     

       656
       428
        
       			// Delete account

     

       657
       429
        
       			const response = await authRequest(

     
···

       662
       434
        
       				},

     

       663
       435
        
       			);

     

       664
       436
        
       

     

       665
       665
       -
       			expect(response.status).toBe(200);

     

       666
       666
       -
       			const data = await response.json();

     

       667
       667
       -
       			expect(data.success).toBe(true);

     

       437
       437
       +
       			expect(response.status).toBe(204);

     

       668
       438
        
       

     

       669
       439
        
       			// Verify user is deleted

     

       670
       440
        
       			const verifyResponse = await authRequest(

     
···

       674
       444
        
       			expect(verifyResponse.status).toBe(401);

     

       675
       445
        
       		});

     

       676
       446
        
       

     

       677
       677
       -
       		serverTest("should require authentication", async () => {

     

       447
       447
       +
       		test("should require authentication", async () => {

     

       678
       448
        
       			const response = await fetch(`${BASE_URL}/api/user`, {

     

       679
       449
        
       				method: "DELETE",

     

       680
       450
        
       			});

     
···

       684
       454
        
       	});

     

       685
       455
        
       

     

       686
       456
        
       	describe("PUT /api/user/email", () => {

     

       687
       687
       -
       		serverTest("should update user email", async () => {

     

       688
       688
       -
       			// Register user

     

       689
       689
       -
       			const hashedPassword = await clientHashPassword(

     

       690
       690
       -
       				TEST_USER.email,

     

       691
       691
       -
       				TEST_USER.password,

     

       692
       692
       -
       			);

     

       693
       693
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       694
       694
       -
       				method: "POST",

     

       695
       695
       -
       				headers: { "Content-Type": "application/json" },

     

       696
       696
       -
       				body: JSON.stringify({

     

       697
       697
       -
       					email: TEST_USER.email,

     

       698
       698
       -
       					password: hashedPassword,

     

       699
       699
       -
       				}),

     

       700
       700
       -
       			});

     

       701
       701
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       457
       457
       +
       		test("should update user email", async () => {

     

       458
       458
       +
       			// Register and login

     

       459
       459
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       702
       460
        
       

     

       703
       703
       -
       			// Update email

     

       461
       461
       +
       			// Update email - this creates a token but doesn't change email yet

     

       704
       462
        
       			const newEmail = "newemail@example.com";

     

       705
       463
        
       			const response = await authRequest(

     

       706
       464
        
       				`${BASE_URL}/api/user/email`,

     
···

       716
       474
        
       			const data = await response.json();

     

       717
       475
        
       			expect(data.success).toBe(true);

     

       718
       476
        
       

     

       477
       477
       +
       			// Manually complete the email change in the database (simulating verification)

     

       478
       478
       +
       			const db = require("bun:sqlite").Database.open(TEST_DB_PATH);

     

       479
       479
       +
       			const tokenData = db

     

       480
       480
       +
       				.query(

     

       481
       481
       +
       					"SELECT user_id, new_email FROM email_change_tokens ORDER BY created_at DESC LIMIT 1",

     

       482
       482
       +
       				)

     

       483
       483
       +
       				.get() as { user_id: number; new_email: string };

     

       484
       484
       +
       			db.run("UPDATE users SET email = ?, email_verified = 1 WHERE id = ?", [

     

       485
       485
       +
       				tokenData.new_email,

     

       486
       486
       +
       				tokenData.user_id,

     

       487
       487
       +
       			]);

     

       488
       488
       +
       			db.run("DELETE FROM email_change_tokens WHERE user_id = ?", [

     

       489
       489
       +
       				tokenData.user_id,

     

       490
       490
       +
       			]);

     

       491
       491
       +
       			db.close();

     

       492
       492
       +
       

     

       719
       493
        
       			// Verify email updated

     

       720
       494
        
       			const meResponse = await authRequest(

     

       721
       495
        
       				`${BASE_URL}/api/auth/me`,

     
···

       725
       499
        
       			expect(meData.email).toBe(newEmail);

     

       726
       500
        
       		});

     

       727
       501
        
       

     

       728
       728
       -
       		serverTest("should reject duplicate email", async () => {

     

       502
       502
       +
       		test("should reject duplicate email", async () => {

     

       729
       503
        
       			// Register two users

     

       730
       730
       -
       			const hashedPassword1 = await clientHashPassword(

     

       731
       731
       -
       				TEST_USER.email,

     

       732
       732
       -
       				TEST_USER.password,

     

       733
       733
       -
       			);

     

       734
       734
       -
       			await fetch(`${BASE_URL}/api/auth/register`, {

     

       735
       735
       -
       				method: "POST",

     

       736
       736
       -
       				headers: { "Content-Type": "application/json" },

     

       737
       737
       -
       				body: JSON.stringify({

     

       738
       738
       -
       					email: TEST_USER.email,

     

       739
       739
       -
       					password: hashedPassword1,

     

       740
       740
       -
       				}),

     

       741
       741
       -
       			});

     

       742
       742
       -
       

     

       743
       743
       -
       			const hashedPassword2 = await clientHashPassword(

     

       744
       744
       -
       				TEST_USER_2.email,

     

       745
       745
       -
       				TEST_USER_2.password,

     

       746
       746
       -
       			);

     

       747
       747
       -
       			const user2Response = await fetch(`${BASE_URL}/api/auth/register`, {

     

       748
       748
       -
       				method: "POST",

     

       749
       749
       -
       				headers: { "Content-Type": "application/json" },

     

       750
       750
       -
       				body: JSON.stringify({

     

       751
       751
       -
       					email: TEST_USER_2.email,

     

       752
       752
       -
       					password: hashedPassword2,

     

       753
       753
       -
       				}),

     

       754
       754
       -
       			});

     

       755
       755
       -
       			const user2Cookie = extractSessionCookie(user2Response);

     

       504
       504
       +
       			await registerAndLogin(TEST_USER);

     

       505
       505
       +
       			const user2Cookie = await registerAndLogin(TEST_USER_2);

     

       756
       506
        
       

     

       757
       507
        
       			// Try to update user2's email to user1's email

     

       758
       508
        
       			const response = await authRequest(

     
···

       765
       515
        
       				},

     

       766
       516
        
       			);

     

       767
       517
        
       

     

       768
       768
       -
       			expect(response.status).toBe(400);

     

       518
       518
       +
       			expect(response.status).toBe(409);

     

       769
       519
        
       			const data = await response.json();

     

       770
       520
        
       			expect(data.error).toBe("Email already in use");

     

       771
       521
        
       		});

     

       772
       522
        
       	});

     

       773
       523
        
       

     

       774
       524
        
       	describe("PUT /api/user/password", () => {

     

       775
       775
       -
       		serverTest("should update user password", async () => {

     

       776
       776
       -
       			// Register user

     

       777
       777
       -
       			const hashedPassword = await clientHashPassword(

     

       778
       778
       -
       				TEST_USER.email,

     

       779
       779
       -
       				TEST_USER.password,

     

       780
       780
       -
       			);

     

       781
       781
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       782
       782
       -
       				method: "POST",

     

       783
       783
       -
       				headers: { "Content-Type": "application/json" },

     

       784
       784
       -
       				body: JSON.stringify({

     

       785
       785
       -
       					email: TEST_USER.email,

     

       786
       786
       -
       					password: hashedPassword,

     

       787
       787
       -
       				}),

     

       788
       788
       -
       			});

     

       789
       789
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       525
       525
       +
       		test("should update user password", async () => {

     

       526
       526
       +
       			// Register and login

     

       527
       527
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       790
       528
        
       

     

       791
       529
        
       			// Update password

     

       792
       530
        
       			const newPassword = await clientHashPassword(

     
···

       819
       557
        
       			expect(loginResponse.status).toBe(200);

     

       820
       558
        
       		});

     

       821
       559
        
       

     

       822
       822
       -
       		serverTest("should reject invalid password format", async () => {

     

       823
       823
       -
       			// Register user

     

       824
       824
       -
       			const hashedPassword = await clientHashPassword(

     

       825
       825
       -
       				TEST_USER.email,

     

       826
       826
       -
       				TEST_USER.password,

     

       827
       827
       -
       			);

     

       828
       828
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       829
       829
       -
       				method: "POST",

     

       830
       830
       -
       				headers: { "Content-Type": "application/json" },

     

       831
       831
       -
       				body: JSON.stringify({

     

       832
       832
       -
       					email: TEST_USER.email,

     

       833
       833
       -
       					password: hashedPassword,

     

       834
       834
       -
       				}),

     

       835
       835
       -
       			});

     

       836
       836
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       560
       560
       +
       		test("should reject invalid password format", async () => {

     

       561
       561
       +
       			// Register and login

     

       562
       562
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       837
       563
        
       

     

       838
       564
        
       			// Try to update with invalid format

     

       839
       565
        
       			const response = await authRequest(

     
···

       853
       579
        
       	});

     

       854
       580
        
       

     

       855
       581
        
       	describe("PUT /api/user/name", () => {

     

       856
       856
       -
       		serverTest("should update user name", async () => {

     

       857
       857
       -
       			// Register user

     

       858
       858
       -
       			const hashedPassword = await clientHashPassword(

     

       859
       859
       -
       				TEST_USER.email,

     

       860
       860
       -
       				TEST_USER.password,

     

       861
       861
       -
       			);

     

       862
       862
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       863
       863
       -
       				method: "POST",

     

       864
       864
       -
       				headers: { "Content-Type": "application/json" },

     

       865
       865
       -
       				body: JSON.stringify({

     

       866
       866
       -
       					email: TEST_USER.email,

     

       867
       867
       -
       					password: hashedPassword,

     

       868
       868
       -
       					name: TEST_USER.name,

     

       869
       869
       -
       				}),

     

       870
       870
       -
       			});

     

       871
       871
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       582
       582
       +
       		test("should update user name", async () => {

     

       583
       583
       +
       			// Register and login

     

       584
       584
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       872
       585
        
       

     

       873
       586
        
       			// Update name

     

       874
       587
        
       			const newName = "Updated Name";

     
···

       883
       596
        
       			);

     

       884
       597
        
       

     

       885
       598
        
       			expect(response.status).toBe(200);

     

       886
       886
       -
       			const data = await response.json();

     

       887
       887
       -
       			expect(data.success).toBe(true);

     

       888
       599
        
       

     

       889
       600
        
       			// Verify name updated

     

       890
       601
        
       			const meResponse = await authRequest(

     
···

       895
       606
        
       			expect(meData.name).toBe(newName);

     

       896
       607
        
       		});

     

       897
       608
        
       

     

       898
       898
       -
       		serverTest("should reject missing name", async () => {

     

       899
       899
       -
       			// Register user

     

       900
       900
       -
       			const hashedPassword = await clientHashPassword(

     

       901
       901
       -
       				TEST_USER.email,

     

       902
       902
       -
       				TEST_USER.password,

     

       903
       903
       -
       			);

     

       904
       904
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       905
       905
       -
       				method: "POST",

     

       906
       906
       -
       				headers: { "Content-Type": "application/json" },

     

       907
       907
       -
       				body: JSON.stringify({

     

       908
       908
       -
       					email: TEST_USER.email,

     

       909
       909
       -
       					password: hashedPassword,

     

       910
       910
       -
       				}),

     

       911
       911
       -
       			});

     

       912
       912
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       609
       609
       +
       		test("should reject missing name", async () => {

     

       610
       610
       +
       			// Register and login

     

       611
       611
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       913
       612
        
       

     

       914
       613
        
       			const response = await authRequest(

     

       915
       614
        
       				`${BASE_URL}/api/user/name`,

     
···

       926
       625
        
       	});

     

       927
       626
        
       

     

       928
       627
        
       	describe("PUT /api/user/avatar", () => {

     

       929
       929
       -
       		serverTest("should update user avatar", async () => {

     

       930
       930
       -
       			// Register user

     

       931
       931
       -
       			const hashedPassword = await clientHashPassword(

     

       932
       932
       -
       				TEST_USER.email,

     

       933
       933
       -
       				TEST_USER.password,

     

       934
       934
       -
       			);

     

       935
       935
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       936
       936
       -
       				method: "POST",

     

       937
       937
       -
       				headers: { "Content-Type": "application/json" },

     

       938
       938
       -
       				body: JSON.stringify({

     

       939
       939
       -
       					email: TEST_USER.email,

     

       940
       940
       -
       					password: hashedPassword,

     

       941
       941
       -
       				}),

     

       942
       942
       -
       			});

     

       943
       943
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       628
       628
       +
       		test("should update user avatar", async () => {

     

       629
       629
       +
       			// Register and login

     

       630
       630
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       944
       631
        
       

     

       945
       632
        
       			// Update avatar

     

       946
       633
        
       			const newAvatar = "👨‍💻";

     
···

       969
       656
        
       	});

     

       970
       657
        
       });

     

       971
       658
        
       

     

       972
       972
       -
       describe("API Endpoints - Transcriptions", () => {

     

       973
       973
       -
       	describe("GET /api/transcriptions/health", () => {

     

       974
       974
       -
       		serverTest(

     

       975
       975
       -
       			"should return transcription service health status",

     

       976
       976
       -
       			async () => {

     

       977
       977
       -
       				const response = await fetch(`${BASE_URL}/api/transcriptions/health`);

     

       659
       659
       +
       describe("API Endpoints - Health", () => {

     

       660
       660
       +
       	describe("GET /api/health", () => {

     

       661
       661
       +
       		test("should return service health status with details", async () => {

     

       662
       662
       +
       			const response = await fetch(`${BASE_URL}/api/health`);

     

       978
       663
        
       

     

       979
       979
       -
       				expect(response.status).toBe(200);

     

       980
       980
       -
       				const data = await response.json();

     

       981
       981
       -
       				expect(data).toHaveProperty("available");

     

       982
       982
       -
       				expect(typeof data.available).toBe("boolean");

     

       983
       983
       -
       			},

     

       984
       984
       -
       		);

     

       664
       664
       +
       			expect(response.status).toBe(200);

     

       665
       665
       +
       			const data = await response.json();

     

       666
       666
       +
       			expect(data).toHaveProperty("status");

     

       667
       667
       +
       			expect(data).toHaveProperty("timestamp");

     

       668
       668
       +
       			expect(data).toHaveProperty("services");

     

       669
       669
       +
       			expect(data.services).toHaveProperty("database");

     

       670
       670
       +
       			expect(data.services).toHaveProperty("whisper");

     

       671
       671
       +
       			expect(data.services).toHaveProperty("storage");

     

       672
       672
       +
       		});

     

       985
       673
        
       	});

     

       674
       674
       +
       });

     

       986
       675
        
       

     

       676
       676
       +
       describe("API Endpoints - Transcriptions", () => {

     

       987
       677
        
       	describe("GET /api/transcriptions", () => {

     

       988
       988
       -
       		serverTest("should return user transcriptions", async () => {

     

       989
       989
       -
       			// Register user

     

       990
       990
       -
       			const hashedPassword = await clientHashPassword(

     

       991
       991
       -
       				TEST_USER.email,

     

       992
       992
       -
       				TEST_USER.password,

     

       993
       993
       -
       			);

     

       994
       994
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       995
       995
       -
       				method: "POST",

     

       996
       996
       -
       				headers: { "Content-Type": "application/json" },

     

       997
       997
       -
       				body: JSON.stringify({

     

       998
       998
       -
       					email: TEST_USER.email,

     

       999
       999
       -
       					password: hashedPassword,

     

       1000
       1000
       -
       				}),

     

       1001
       1001
       -
       			});

     

       1002
       1002
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       678
       678
       +
       		test("should return user transcriptions", async () => {

     

       679
       679
       +
       			// Register and login

     

       680
       680
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       681
       681
       +
       

     

       682
       682
       +
       			// Add subscription

     

       683
       683
       +
       			addSubscription(TEST_USER.email);

     

       1003
       684
        
       

     

       1004
       685
        
       			// Get transcriptions

     

       1005
       686
        
       			const response = await authRequest(

     
···

       1013
       694
        
       			expect(Array.isArray(data.jobs)).toBe(true);

     

       1014
       695
        
       		});

     

       1015
       696
        
       

     

       1016
       1016
       -
       		serverTest("should require authentication", async () => {

     

       697
       697
       +
       		test("should require authentication", async () => {

     

       1017
       698
        
       			const response = await fetch(`${BASE_URL}/api/transcriptions`);

     

       1018
       699
        
       

     

       1019
       700
        
       			expect(response.status).toBe(401);

     
···

       1021
       702
        
       	});

     

       1022
       703
        
       

     

       1023
       704
        
       	describe("POST /api/transcriptions", () => {

     

       1024
       1024
       -
       		serverTest("should upload audio file and start transcription", async () => {

     

       1025
       1025
       -
       			// Register user

     

       1026
       1026
       -
       			const hashedPassword = await clientHashPassword(

     

       1027
       1027
       -
       				TEST_USER.email,

     

       1028
       1028
       -
       				TEST_USER.password,

     

       1029
       1029
       -
       			);

     

       1030
       1030
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1031
       1031
       -
       				method: "POST",

     

       1032
       1032
       -
       				headers: { "Content-Type": "application/json" },

     

       1033
       1033
       -
       				body: JSON.stringify({

     

       1034
       1034
       -
       					email: TEST_USER.email,

     

       1035
       1035
       -
       					password: hashedPassword,

     

       1036
       1036
       -
       				}),

     

       1037
       1037
       -
       			});

     

       1038
       1038
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       705
       705
       +
       		test("should upload audio file and start transcription", async () => {

     

       706
       706
       +
       			// Register and login

     

       707
       707
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       708
       708
       +
       

     

       709
       709
       +
       			// Add subscription

     

       710
       710
       +
       			addSubscription(TEST_USER.email);

     

       1039
       711
        
       

     

       1040
       712
        
       			// Create a test audio file

     

       1041
       713
        
       			const audioBlob = new Blob(["fake audio data"], { type: "audio/mp3" });

     
···

       1053
       725
        
       				},

     

       1054
       726
        
       			);

     

       1055
       727
        
       

     

       1056
       1056
       -
       			expect(response.status).toBe(200);

     

       728
       728
       +
       			expect(response.status).toBe(201);

     

       1057
       729
        
       			const data = await response.json();

     

       1058
       730
        
       			expect(data.id).toBeDefined();

     

       1059
       731
        
       			expect(data.message).toContain("Upload successful");

     

       1060
       732
        
       		});

     

       1061
       733
        
       

     

       1062
       1062
       -
       		serverTest("should reject non-audio files", async () => {

     

       1063
       1063
       -
       			// Register user

     

       1064
       1064
       -
       			const hashedPassword = await clientHashPassword(

     

       1065
       1065
       -
       				TEST_USER.email,

     

       1066
       1066
       -
       				TEST_USER.password,

     

       1067
       1067
       -
       			);

     

       1068
       1068
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1069
       1069
       -
       				method: "POST",

     

       1070
       1070
       -
       				headers: { "Content-Type": "application/json" },

     

       1071
       1071
       -
       				body: JSON.stringify({

     

       1072
       1072
       -
       					email: TEST_USER.email,

     

       1073
       1073
       -
       					password: hashedPassword,

     

       1074
       1074
       -
       				}),

     

       1075
       1075
       -
       			});

     

       1076
       1076
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       734
       734
       +
       		test("should reject non-audio files", async () => {

     

       735
       735
       +
       			// Register and login

     

       736
       736
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       737
       737
       +
       

     

       738
       738
       +
       			// Add subscription

     

       739
       739
       +
       			addSubscription(TEST_USER.email);

     

       1077
       740
        
       

     

       1078
       741
        
       			// Try to upload non-audio file

     

       1079
       742
        
       			const textBlob = new Blob(["text file"], { type: "text/plain" });

     
···

       1092
       755
        
       			expect(response.status).toBe(400);

     

       1093
       756
        
       		});

     

       1094
       757
        
       

     

       1095
       1095
       -
       		serverTest("should reject files exceeding size limit", async () => {

     

       1096
       1096
       -
       			// Register user

     

       1097
       1097
       -
       			const hashedPassword = await clientHashPassword(

     

       1098
       1098
       -
       				TEST_USER.email,

     

       1099
       1099
       -
       				TEST_USER.password,

     

       1100
       1100
       -
       			);

     

       1101
       1101
       -
       			const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1102
       1102
       -
       				method: "POST",

     

       1103
       1103
       -
       				headers: { "Content-Type": "application/json" },

     

       1104
       1104
       -
       				body: JSON.stringify({

     

       1105
       1105
       -
       					email: TEST_USER.email,

     

       1106
       1106
       -
       					password: hashedPassword,

     

       1107
       1107
       -
       				}),

     

       1108
       1108
       -
       			});

     

       1109
       1109
       -
       			const sessionCookie = extractSessionCookie(registerResponse);

     

       758
       758
       +
       		test("should reject files exceeding size limit", async () => {

     

       759
       759
       +
       			// Register and login

     

       760
       760
       +
       			const sessionCookie = await registerAndLogin(TEST_USER);

     

       761
       761
       +
       

     

       762
       762
       +
       			// Add subscription

     

       763
       763
       +
       			addSubscription(TEST_USER.email);

     

       1110
       764
        
       

     

       1111
       765
        
       			// Create a file larger than 100MB (the actual limit)

     

       1112
       766
        
       			const largeBlob = new Blob([new ArrayBuffer(101 * 1024 * 1024)], {

     
···

       1129
       783
        
       			expect(data.error).toContain("File size must be less than");

     

       1130
       784
        
       		});

     

       1131
       785
        
       

     

       1132
       1132
       -
       		serverTest("should require authentication", async () => {

     

       786
       786
       +
       		test("should require authentication", async () => {

     

       1133
       787
        
       			const audioBlob = new Blob(["fake audio data"], { type: "audio/mp3" });

     

       1134
       788
        
       			const formData = new FormData();

     

       1135
       789
        
       			formData.append("audio", audioBlob, "test.mp3");

     
···

       1150
       804
        
       	let userId: number;

     

       1151
       805
        
       

     

       1152
       806
        
       	beforeEach(async () => {

     

       1153
       1153
       -
       		if (!serverAvailable) return;

     

       1154
       1154
       -
       

     

       1155
       807
        
       		// Create admin user

     

       1156
       1156
       -
       		const adminHash = await clientHashPassword(

     

       1157
       1157
       -
       			TEST_ADMIN.email,

     

       1158
       1158
       -
       			TEST_ADMIN.password,

     

       1159
       1159
       -
       		);

     

       1160
       1160
       -
       		const adminResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1161
       1161
       -
       			method: "POST",

     

       1162
       1162
       -
       			headers: { "Content-Type": "application/json" },

     

       1163
       1163
       -
       			body: JSON.stringify({

     

       1164
       1164
       -
       				email: TEST_ADMIN.email,

     

       1165
       1165
       -
       				password: adminHash,

     

       1166
       1166
       -
       				name: TEST_ADMIN.name,

     

       1167
       1167
       -
       			}),

     

       1168
       1168
       -
       		});

     

       1169
       1169
       -
       		adminCookie = extractSessionCookie(adminResponse);

     

       808
       808
       +
       		adminCookie = await registerAndLogin(TEST_ADMIN);

     

       1170
       809
        
       

     

       1171
       810
        
       		// Manually set admin role in database

     

       811
       811
       +
       		const db = require("bun:sqlite").Database.open(TEST_DB_PATH);

     

       1172
       812
        
       		db.run("UPDATE users SET role = 'admin' WHERE email = ?", [

     

       1173
       813
        
       			TEST_ADMIN.email,

     

       1174
       814
        
       		]);

     

       1175
       815
        
       

     

       1176
       816
        
       		// Create regular user

     

       1177
       1177
       -
       		const userHash = await clientHashPassword(

     

       1178
       1178
       -
       			TEST_USER.email,

     

       1179
       1179
       -
       			TEST_USER.password,

     

       1180
       1180
       -
       		);

     

       1181
       1181
       -
       		const userResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1182
       1182
       -
       			method: "POST",

     

       1183
       1183
       -
       			headers: { "Content-Type": "application/json" },

     

       1184
       1184
       -
       			body: JSON.stringify({

     

       1185
       1185
       -
       				email: TEST_USER.email,

     

       1186
       1186
       -
       				password: userHash,

     

       1187
       1187
       -
       				name: TEST_USER.name,

     

       1188
       1188
       -
       			}),

     

       1189
       1189
       -
       		});

     

       1190
       1190
       -
       		userCookie = extractSessionCookie(userResponse);

     

       817
       817
       +
       		userCookie = await registerAndLogin(TEST_USER);

     

       1191
       818
        
       

     

       1192
       819
        
       		// Get user ID

     

       1193
       820
        
       		const userIdResult = db

     

       1194
       821
        
       			.query<{ id: number }, [string]>("SELECT id FROM users WHERE email = ?")

     

       1195
       822
        
       			.get(TEST_USER.email);

     

       1196
       823
        
       		userId = userIdResult?.id;

     

       824
       824
       +
       

     

       825
       825
       +
       		db.close();

     

       1197
       826
        
       	});

     

       1198
       827
        
       

     

       1199
       828
        
       	describe("GET /api/admin/users", () => {

     

       1200
       1200
       -
       		serverTest("should return all users for admin", async () => {

     

       829
       829
       +
       		test("should return all users for admin", async () => {

     

       1201
       830
        
       			const response = await authRequest(

     

       1202
       831
        
       				`${BASE_URL}/api/admin/users`,

     

       1203
       832
        
       				adminCookie,

     
···

       1209
       838
        
       			expect(data.length).toBeGreaterThan(0);

     

       1210
       839
        
       		});

     

       1211
       840
        
       

     

       1212
       1212
       -
       		serverTest("should reject non-admin users", async () => {

     

       841
       841
       +
       		test("should reject non-admin users", async () => {

     

       1213
       842
        
       			const response = await authRequest(

     

       1214
       843
        
       				`${BASE_URL}/api/admin/users`,

     

       1215
       844
        
       				userCookie,

     
···

       1218
       847
        
       			expect(response.status).toBe(403);

     

       1219
       848
        
       		});

     

       1220
       849
        
       

     

       1221
       1221
       -
       		serverTest("should require authentication", async () => {

     

       850
       850
       +
       		test("should require authentication", async () => {

     

       1222
       851
        
       			const response = await fetch(`${BASE_URL}/api/admin/users`);

     

       1223
       852
        
       

     

       1224
       853
        
       			expect(response.status).toBe(401);

     
···

       1226
       855
        
       	});

     

       1227
       856
        
       

     

       1228
       857
        
       	describe("GET /api/admin/transcriptions", () => {

     

       1229
       1229
       -
       		serverTest("should return all transcriptions for admin", async () => {

     

       858
       858
       +
       		test("should return all transcriptions for admin", async () => {

     

       1230
       859
        
       			const response = await authRequest(

     

       1231
       860
        
       				`${BASE_URL}/api/admin/transcriptions`,

     

       1232
       861
        
       				adminCookie,

     
···

       1237
       866
        
       			expect(Array.isArray(data)).toBe(true);

     

       1238
       867
        
       		});

     

       1239
       868
        
       

     

       1240
       1240
       -
       		serverTest("should reject non-admin users", async () => {

     

       869
       869
       +
       		test("should reject non-admin users", async () => {

     

       1241
       870
        
       			const response = await authRequest(

     

       1242
       871
        
       				`${BASE_URL}/api/admin/transcriptions`,

     

       1243
       872
        
       				userCookie,

     
···

       1248
       877
        
       	});

     

       1249
       878
        
       

     

       1250
       879
        
       	describe("DELETE /api/admin/users/:id", () => {

     

       1251
       1251
       -
       		serverTest("should delete user as admin", async () => {

     

       880
       880
       +
       		test("should delete user as admin", async () => {

     

       1252
       881
        
       			const response = await authRequest(

     

       1253
       882
        
       				`${BASE_URL}/api/admin/users/${userId}`,

     

       1254
       883
        
       				adminCookie,

     
···

       1257
       886
        
       				},

     

       1258
       887
        
       			);

     

       1259
       888
        
       

     

       1260
       1260
       -
       			expect(response.status).toBe(200);

     

       1261
       1261
       -
       			const data = await response.json();

     

       1262
       1262
       -
       			expect(data.success).toBe(true);

     

       889
       889
       +
       			expect(response.status).toBe(204);

     

       1263
       890
        
       

     

       1264
       891
        
       			// Verify user is deleted

     

       1265
       892
        
       			const verifyResponse = await authRequest(

     
···

       1269
       896
        
       			expect(verifyResponse.status).toBe(401);

     

       1270
       897
        
       		});

     

       1271
       898
        
       

     

       1272
       1272
       -
       		serverTest("should reject non-admin users", async () => {

     

       899
       899
       +
       		test("should reject non-admin users", async () => {

     

       1273
       900
        
       			const response = await authRequest(

     

       1274
       901
        
       				`${BASE_URL}/api/admin/users/${userId}`,

     

       1275
       902
        
       				userCookie,

     
···

       1283
       910
        
       	});

     

       1284
       911
        
       

     

       1285
       912
        
       	describe("PUT /api/admin/users/:id/role", () => {

     

       1286
       1286
       -
       		serverTest("should update user role as admin", async () => {

     

       913
       913
       +
       		test("should update user role as admin", async () => {

     

       1287
       914
        
       			const response = await authRequest(

     

       1288
       915
        
       				`${BASE_URL}/api/admin/users/${userId}/role`,

     

       1289
       916
        
       				adminCookie,

     
···

       1295
       922
        
       			);

     

       1296
       923
        
       

     

       1297
       924
        
       			expect(response.status).toBe(200);

     

       1298
       1298
       -
       			const data = await response.json();

     

       1299
       1299
       -
       			expect(data.success).toBe(true);

     

       1300
       925
        
       

     

       1301
       926
        
       			// Verify role updated

     

       1302
       927
        
       			const meResponse = await authRequest(

     
···

       1307
       932
        
       			expect(meData.role).toBe("admin");

     

       1308
       933
        
       		});

     

       1309
       934
        
       

     

       1310
       1310
       -
       		serverTest("should reject invalid roles", async () => {

     

       935
       935
       +
       		test("should reject invalid roles", async () => {

     

       1311
       936
        
       			const response = await authRequest(

     

       1312
       937
        
       				`${BASE_URL}/api/admin/users/${userId}/role`,

     

       1313
       938
        
       				adminCookie,

     
···

       1323
       948
        
       	});

     

       1324
       949
        
       

     

       1325
       950
        
       	describe("GET /api/admin/users/:id/details", () => {

     

       1326
       1326
       -
       		serverTest("should return user details for admin", async () => {

     

       951
       951
       +
       		test("should return user details for admin", async () => {

     

       1327
       952
        
       			const response = await authRequest(

     

       1328
       953
        
       				`${BASE_URL}/api/admin/users/${userId}/details`,

     

       1329
       954
        
       				adminCookie,

     
···

       1337
       962
        
       			expect(data).toHaveProperty("sessions");

     

       1338
       963
        
       		});

     

       1339
       964
        
       

     

       1340
       1340
       -
       		serverTest("should reject non-admin users", async () => {

     

       965
       965
       +
       		test("should reject non-admin users", async () => {

     

       1341
       966
        
       			const response = await authRequest(

     

       1342
       967
        
       				`${BASE_URL}/api/admin/users/${userId}/details`,

     

       1343
       968
        
       				userCookie,

     
···

       1348
       973
        
       	});

     

       1349
       974
        
       

     

       1350
       975
        
       	describe("PUT /api/admin/users/:id/name", () => {

     

       1351
       1351
       -
       		serverTest("should update user name as admin", async () => {

     

       976
       976
       +
       		test("should update user name as admin", async () => {

     

       1352
       977
        
       			const newName = "Admin Updated Name";

     

       1353
       978
        
       			const response = await authRequest(

     

       1354
       979
        
       				`${BASE_URL}/api/admin/users/${userId}/name`,

     
···

       1365
       990
        
       			expect(data.success).toBe(true);

     

       1366
       991
        
       		});

     

       1367
       992
        
       

     

       1368
       1368
       -
       		serverTest("should reject empty names", async () => {

     

       993
       993
       +
       		test("should reject empty names", async () => {

     

       1369
       994
        
       			const response = await authRequest(

     

       1370
       995
        
       				`${BASE_URL}/api/admin/users/${userId}/name`,

     

       1371
       996
        
       				adminCookie,

     
···

       1381
       1006
        
       	});

     

       1382
       1007
        
       

     

       1383
       1008
        
       	describe("PUT /api/admin/users/:id/email", () => {

     

       1384
       1384
       -
       		serverTest("should update user email as admin", async () => {

     

       1009
       1009
       +
       		test("should update user email as admin", async () => {

     

       1385
       1010
        
       			const newEmail = "newemail@admin.com";

     

       1386
       1011
        
       			const response = await authRequest(

     

       1387
       1012
        
       				`${BASE_URL}/api/admin/users/${userId}/email`,

     
···

       1398
       1023
        
       			expect(data.success).toBe(true);

     

       1399
       1024
        
       		});

     

       1400
       1025
        
       

     

       1401
       1401
       -
       		serverTest("should reject duplicate emails", async () => {

     

       1026
       1026
       +
       		test("should reject duplicate emails", async () => {

     

       1402
       1027
        
       			const response = await authRequest(

     

       1403
       1028
        
       				`${BASE_URL}/api/admin/users/${userId}/email`,

     

       1404
       1029
        
       				adminCookie,

     
···

       1409
       1034
        
       				},

     

       1410
       1035
        
       			);

     

       1411
       1036
        
       

     

       1412
       1412
       -
       			expect(response.status).toBe(400);

     

       1037
       1037
       +
       			expect(response.status).toBe(409);

     

       1413
       1038
        
       			const data = await response.json();

     

       1414
       1039
        
       			expect(data.error).toBe("Email already in use");

     

       1415
       1040
        
       		});

     

       1416
       1041
        
       	});

     

       1417
       1042
        
       

     

       1418
       1043
        
       	describe("GET /api/admin/users/:id/sessions", () => {

     

       1419
       1419
       -
       		serverTest("should return user sessions as admin", async () => {

     

       1044
       1044
       +
       		test("should return user sessions as admin", async () => {

     

       1420
       1045
        
       			const response = await authRequest(

     

       1421
       1046
        
       				`${BASE_URL}/api/admin/users/${userId}/sessions`,

     

       1422
       1047
        
       				adminCookie,

     
···

       1429
       1054
        
       	});

     

       1430
       1055
        
       

     

       1431
       1056
        
       	describe("DELETE /api/admin/users/:id/sessions", () => {

     

       1432
       1432
       -
       		serverTest("should delete all user sessions as admin", async () => {

     

       1057
       1057
       +
       		test("should delete all user sessions as admin", async () => {

     

       1433
       1058
        
       			const response = await authRequest(

     

       1434
       1059
        
       				`${BASE_URL}/api/admin/users/${userId}/sessions`,

     

       1435
       1060
        
       				adminCookie,

     
···

       1438
       1063
        
       				},

     

       1439
       1064
        
       			);

     

       1440
       1065
        
       

     

       1441
       1441
       -
       			expect(response.status).toBe(200);

     

       1442
       1442
       -
       			const data = await response.json();

     

       1443
       1443
       -
       			expect(data.success).toBe(true);

     

       1066
       1066
       +
       			expect(response.status).toBe(204);

     

       1444
       1067
        
       

     

       1445
       1068
        
       			// Verify sessions are deleted

     

       1446
       1069
        
       			const verifyResponse = await authRequest(

     
···

       1456
       1079
        
       	let sessionCookie: string;

     

       1457
       1080
        
       

     

       1458
       1081
        
       	beforeEach(async () => {

     

       1459
       1459
       -
       		if (!serverAvailable) return;

     

       1460
       1460
       -
       

     

       1461
       1461
       -
       		// Register user

     

       1462
       1462
       -
       		const hashedPassword = await clientHashPassword(

     

       1463
       1463
       -
       			TEST_USER.email,

     

       1464
       1464
       -
       			TEST_USER.password,

     

       1465
       1465
       -
       		);

     

       1466
       1466
       -
       		const registerResponse = await fetch(`${BASE_URL}/api/auth/register`, {

     

       1467
       1467
       -
       			method: "POST",

     

       1468
       1468
       -
       			headers: { "Content-Type": "application/json" },

     

       1469
       1469
       -
       			body: JSON.stringify({

     

       1470
       1470
       -
       				email: TEST_USER.email,

     

       1471
       1471
       -
       				password: hashedPassword,

     

       1472
       1472
       -
       			}),

     

       1473
       1473
       -
       		});

     

       1474
       1474
       -
       		sessionCookie = extractSessionCookie(registerResponse);

     

       1082
       1082
       +
       		// Register and login

     

       1083
       1083
       +
       		sessionCookie = await registerAndLogin(TEST_USER);

     

       1475
       1084
        
       	});

     

       1476
       1085
        
       

     

       1477
       1086
        
       	describe("GET /api/passkeys", () => {

     

       1478
       1478
       -
       		serverTest("should return user passkeys", async () => {

     

       1087
       1087
       +
       		test("should return user passkeys", async () => {

     

       1479
       1088
        
       			const response = await authRequest(

     

       1480
       1089
        
       				`${BASE_URL}/api/passkeys`,

     

       1481
       1090
        
       				sessionCookie,

     
···

       1487
       1096
        
       			expect(Array.isArray(data.passkeys)).toBe(true);

     

       1488
       1097
        
       		});

     

       1489
       1098
        
       

     

       1490
       1490
       -
       		serverTest("should require authentication", async () => {

     

       1099
       1099
       +
       		test("should require authentication", async () => {

     

       1491
       1100
        
       			const response = await fetch(`${BASE_URL}/api/passkeys`);

     

       1492
       1101
        
       

     

       1493
       1102
        
       			expect(response.status).toBe(401);

     
···

       1495
       1104
        
       	});

     

       1496
       1105
        
       

     

       1497
       1106
        
       	describe("POST /api/passkeys/register/options", () => {

     

       1498
       1498
       -
       		serverTest(

     

       1499
       1499
       -
       			"should return registration options for authenticated user",

     

       1500
       1500
       -
       			async () => {

     

       1501
       1501
       -
       				const response = await authRequest(

     

       1502
       1502
       -
       					`${BASE_URL}/api/passkeys/register/options`,

     

       1503
       1503
       -
       					sessionCookie,

     

       1504
       1504
       -
       					{

     

       1505
       1505
       -
       						method: "POST",

     

       1506
       1506
       -
       					},

     

       1507
       1507
       -
       				);

     

       1107
       1107
       +
       		test("should return registration options for authenticated user", async () => {

     

       1108
       1108
       +
       			const response = await authRequest(

     

       1109
       1109
       +
       				`${BASE_URL}/api/passkeys/register/options`,

     

       1110
       1110
       +
       				sessionCookie,

     

       1111
       1111
       +
       				{

     

       1112
       1112
       +
       					method: "POST",

     

       1113
       1113
       +
       				},

     

       1114
       1114
       +
       			);

     

       1508
       1115
        
       

     

       1509
       1509
       -
       				expect(response.status).toBe(200);

     

       1510
       1510
       -
       				const data = await response.json();

     

       1511
       1511
       -
       				expect(data).toHaveProperty("challenge");

     

       1512
       1512
       -
       				expect(data).toHaveProperty("rp");

     

       1513
       1513
       -
       				expect(data).toHaveProperty("user");

     

       1514
       1514
       -
       			},

     

       1515
       1515
       -
       		);

     

       1116
       1116
       +
       			expect(response.status).toBe(200);

     

       1117
       1117
       +
       			const data = await response.json();

     

       1118
       1118
       +
       			expect(data).toHaveProperty("challenge");

     

       1119
       1119
       +
       			expect(data).toHaveProperty("rp");

     

       1120
       1120
       +
       			expect(data).toHaveProperty("user");

     

       1121
       1121
       +
       		});

     

       1516
       1122
        
       

     

       1517
       1517
       -
       		serverTest("should require authentication", async () => {

     

       1123
       1123
       +
       		test("should require authentication", async () => {

     

       1518
       1124
        
       			const response = await fetch(

     

       1519
       1125
        
       				`${BASE_URL}/api/passkeys/register/options`,

     

       1520
       1126
        
       				{

     
···

       1527
       1133
        
       	});

     

       1528
       1134
        
       

     

       1529
       1135
        
       	describe("POST /api/passkeys/authenticate/options", () => {

     

       1530
       1530
       -
       		serverTest("should return authentication options for email", async () => {

     

       1136
       1136
       +
       		test("should return authentication options for email", async () => {

     

       1531
       1137
        
       			const response = await fetch(

     

       1532
       1138
        
       				`${BASE_URL}/api/passkeys/authenticate/options`,

     

       1533
       1139
        
       				{

     
···

       1542
       1148
        
       			expect(data).toHaveProperty("challenge");

     

       1543
       1149
        
       		});

     

       1544
       1150
        
       

     

       1545
       1545
       -
       		serverTest("should handle non-existent email", async () => {

     

       1151
       1151
       +
       		test("should handle non-existent email", async () => {

     

       1546
       1152
        
       			const response = await fetch(

     

       1547
       1153
        
       				`${BASE_URL}/api/passkeys/authenticate/options`,

     

       1548
       1154
        
       				{

+1567 -481

src/index.ts

···

       2
       2
        
       import {

     

       3
       3
        
       	authenticateUser,

     

       4
       4
        
       	cleanupExpiredSessions,

     

       5
       5
       +
       	consumeEmailChangeToken,

     

       6
       6
       +
       	consumePasswordResetToken,

     

       7
       7
       +
       	createEmailChangeToken,

     

       8
       8
       +
       	createEmailVerificationToken,

     

       9
       9
       +
       	createPasswordResetToken,

     

       5
       10
        
       	createSession,

     

       6
       11
        
       	createUser,

     

       7
       12
        
       	deleteAllUserSessions,

     
···

       17
       22
        
       	getUserByEmail,

     

       18
       23
        
       	getUserBySession,

     

       19
       24
        
       	getUserSessionsForUser,

     

       25
       25
       +
       	getVerificationCodeSentAt,

     

       26
       26
       +
       	isEmailVerified,

     

       20
       27
        
       	type UserRole,

     

       21
       28
        
       	updateUserAvatar,

     

       22
       29
        
       	updateUserEmail,

     
···

       24
       31
        
       	updateUserName,

     

       25
       32
        
       	updateUserPassword,

     

       26
       33
        
       	updateUserRole,

     

       27
       27
       -
       	createEmailVerificationToken,

     

       28
       28
       -
       	verifyEmailToken,

     

       34
       34
       +
       	verifyEmailChangeToken,

     

       29
       35
        
       	verifyEmailCode,

     

       30
       30
       -
       	isEmailVerified,

     

       31
       31
       -
       	getVerificationCodeSentAt,

     

       32
       32
       -
       	createPasswordResetToken,

     

       36
       36
       +
       	verifyEmailToken,

     

       33
       37
        
       	verifyPasswordResetToken,

     

       34
       34
       -
       	consumePasswordResetToken,

     

       35
       38
        
       } from "./lib/auth";

     

       36
       39
        
       import {

     

       37
       40
        
       	addToWaitlist,

     
···

       45
       48
        
       	getClassById,

     

       46
       49
        
       	getClassesForUser,

     

       47
       50
        
       	getClassMembers,

     

       51
       51
       +
       	getClassSections,

     

       52
       52
       +
       	getMeetingById,

     

       48
       53
        
       	getMeetingTimesForClass,

     

       49
       54
        
       	getTranscriptionsForClass,

     

       55
       55
       +
       	getUserSection,

     

       50
       56
        
       	isUserEnrolledInClass,

     

       51
       57
        
       	joinClass,

     

       52
       58
        
       	removeUserFromClass,

     

       53
       59
        
       	searchClassesByCourseCode,

     

       54
       60
        
       	toggleClassArchive,

     

       55
       61
        
       	updateMeetingTime,

     

       62
       62
       +
       	createClassSection,

     

       56
       63
        
       } from "./lib/classes";

     

       64
       64
       +
       import { sendEmail } from "./lib/email";

     

       65
       65
       +
       import {

     

       66
       66
       +
       	emailChangeTemplate,

     

       67
       67
       +
       	passwordResetTemplate,

     

       68
       68
       +
       	verifyEmailTemplate,

     

       69
       69
       +
       } from "./lib/email-templates";

     

       57
       70
        
       import { AuthErrors, handleError, ValidationErrors } from "./lib/errors";

     

       58
       71
        
       import {

     

       59
       72
        
       	hasActiveSubscription,

     
···

       70
       83
        
       	verifyAndAuthenticatePasskey,

     

       71
       84
        
       	verifyAndCreatePasskey,

     

       72
       85
        
       } from "./lib/passkey";

     

       73
       73
       -
       import { enforceRateLimit, clearRateLimit } from "./lib/rate-limit";

     

       86
       86
       +
       import { clearRateLimit, enforceRateLimit } from "./lib/rate-limit";

     

       74
       87
        
       import { getTranscriptVTT } from "./lib/transcript-storage";

     

       75
       88
        
       import {

     

       76
       89
        
       	MAX_FILE_SIZE,

     
···

       78
       91
        
       	type TranscriptionUpdate,

     

       79
       92
        
       	WhisperServiceManager,

     

       80
       93
        
       } from "./lib/transcription";

     

       81
       81
       -
       import { sendEmail } from "./lib/email";

     

       82
       94
        
       import {

     

       83
       83
       -
       	verifyEmailTemplate,

     

       84
       84
       -
       	passwordResetTemplate,

     

       85
       85
       -
       } from "./lib/email-templates";

     

       95
       95
       +
       	findMatchingMeetingTime,

     

       96
       96
       +
       	getDayName,

     

       97
       97
       +
       } from "./lib/audio-metadata";

     

       98
       98
       +
       import {

     

       99
       99
       +
       	checkAutoSubmit,

     

       100
       100
       +
       	deletePendingRecording,

     

       101
       101
       +
       	getEnrolledUserCount,

     

       102
       102
       +
       	getPendingRecordings,

     

       103
       103
       +
       	getUserVoteForMeeting,

     

       104
       104
       +
       	markAsAutoSubmitted,

     

       105
       105
       +
       	removeVote,

     

       106
       106
       +
       	voteForRecording,

     

       107
       107
       +
       } from "./lib/voting";

     

       108
       108
       +
       import {

     

       109
       109
       +
       	validateClassId,

     

       110
       110
       +
       	validateCourseCode,

     

       111
       111
       +
       	validateCourseName,

     

       112
       112
       +
       	validateEmail,

     

       113
       113
       +
       	validateName,

     

       114
       114
       +
       	validatePasswordHash,

     

       115
       115
       +
       	validateSemester,

     

       116
       116
       +
       	validateYear,

     

       117
       117
       +
       } from "./lib/validation";

     

       86
       118
        
       import adminHTML from "./pages/admin.html";

     

       87
       119
        
       import checkoutHTML from "./pages/checkout.html";

     

       88
       120
        
       import classHTML from "./pages/class.html";

     
···

       92
       124
        
       import settingsHTML from "./pages/settings.html";

     

       93
       125
        
       import transcribeHTML from "./pages/transcribe.html";

     

       94
       126
        
       

     

       127
       127
       +
       // Validate required environment variables at startup

     

       128
       128
       +
       function validateEnvVars() {

     

       129
       129
       +
       	const required = [

     

       130
       130
       +
       		"POLAR_ORGANIZATION_ID",

     

       131
       131
       +
       		"POLAR_PRODUCT_ID",

     

       132
       132
       +
       		"POLAR_SUCCESS_URL",

     

       133
       133
       +
       		"POLAR_WEBHOOK_SECRET",

     

       134
       134
       +
       		"MAILCHANNELS_API_KEY",

     

       135
       135
       +
       		"DKIM_PRIVATE_KEY",

     

       136
       136
       +
       		"LLM_API_KEY",

     

       137
       137
       +
       		"LLM_API_BASE_URL",

     

       138
       138
       +
       		"LLM_MODEL",

     

       139
       139
       +
       	];

     

       140
       140
       +
       

     

       141
       141
       +
       	const missing = required.filter((key) => !process.env[key]);

     

       142
       142
       +
       

     

       143
       143
       +
       	if (missing.length > 0) {

     

       144
       144
       +
       		console.error(

     

       145
       145
       +
       			`[Startup] Missing required environment variables: ${missing.join(", ")}`,

     

       146
       146
       +
       		);

     

       147
       147
       +
       		console.error("[Startup] Please check your .env file");

     

       148
       148
       +
       		process.exit(1);

     

       149
       149
       +
       	}

     

       150
       150
       +
       

     

       151
       151
       +
       	// Validate ORIGIN is set for production

     

       152
       152
       +
       	if (!process.env.ORIGIN) {

     

       153
       153
       +
       		console.warn(

     

       154
       154
       +
       			"[Startup] ORIGIN not set, defaulting to http://localhost:3000",

     

       155
       155
       +
       		);

     

       156
       156
       +
       		console.warn("[Startup] Set ORIGIN in production for correct email links");

     

       157
       157
       +
       	}

     

       158
       158
       +
       

     

       159
       159
       +
       	console.log("[Startup] Environment variable validation passed");

     

       160
       160
       +
       }

     

       161
       161
       +
       

     

       162
       162
       +
       validateEnvVars();

     

       163
       163
       +
       

     

       95
       164
        
       // Environment variables

     

       96
       165
        
       const WHISPER_SERVICE_URL =

     

       97
       166
        
       	process.env.WHISPER_SERVICE_URL || "http://localhost:8000";

     
···

       111
       180
        
       	transcriptionEvents,

     

       112
       181
        
       );

     

       113
       182
        
       

     

       114
       114
       -
       // Clean up expired sessions every hour

     

       115
       115
       -
       setInterval(cleanupExpiredSessions, 60 * 60 * 1000);

     

       183
       183
       +
       // Clean up expired sessions every 15 minutes

     

       184
       184
       +
       const sessionCleanupInterval = setInterval(

     

       185
       185
       +
       	cleanupExpiredSessions,

     

       186
       186
       +
       	15 * 60 * 1000,

     

       187
       187
       +
       );

     

       116
       188
        
       

     

       117
       189
        
       // Helper function to sync user subscriptions from Polar

     

       118
       190
        
       async function syncUserSubscriptionsFromPolar(

     

       119
       191
        
       	userId: number,

     

       120
       192
        
       	email: string,

     

       121
       193
        
       ): Promise<void> {

     

       194
       194
       +
       	// Skip Polar sync in test mode

     

       195
       195
       +
       	if (

     

       196
       196
       +
       		process.env.NODE_ENV === "test" ||

     

       197
       197
       +
       		process.env.SKIP_POLAR_SYNC === "true"

     

       198
       198
       +
       	) {

     

       199
       199
       +
       		return;

     

       200
       200
       +
       	}

     

       201
       201
       +
       

     

       122
       202
        
       	try {

     

       123
       203
        
       		const { polar } = await import("./lib/polar");

     

       124
       204
        
       

     

       125
       125
       -
       		// Search for customer by email

     

       205
       205
       +
       		// Search for customer by email (validated at startup)

     

       126
       206
        
       		const customers = await polar.customers.list({

     

       127
       127
       -
       			organizationId: process.env.POLAR_ORGANIZATION_ID,

     

       207
       207
       +
       			organizationId: process.env.POLAR_ORGANIZATION_ID as string,

     

       128
       208
        
       			query: email,

     

       129
       209
        
       		});

     

       130
       210
        
       

     
···

       140
       220
        
       			customerId: customer.id,

     

       141
       221
        
       		});

     

       142
       222
        
       

     

       143
       143
       -
       		if (!subscriptions.result.items || subscriptions.result.items.length === 0) {

     

       223
       223
       +
       		if (

     

       224
       224
       +
       			!subscriptions.result.items ||

     

       225
       225
       +
       			subscriptions.result.items.length === 0

     

       226
       226
       +
       		) {

     

       144
       227
        
       			console.log(`[Sync] No subscriptions found for customer ${customer.id}`);

     

       145
       228
        
       			return;

     

       146
       229
        
       		}

     

       147
       230
        
       

     

       148
       231
        
       		// Filter to only active/trialing/past_due subscriptions (not canceled/expired)

     

       149
       232
        
       		const currentSubscriptions = subscriptions.result.items.filter(

     

       150
       150
       -
       			(sub) => sub.status === 'active' || sub.status === 'trialing' || sub.status === 'past_due'

     

       233
       233
       +
       			(sub) =>

     

       234
       234
       +
       				sub.status === "active" ||

     

       235
       235
       +
       				sub.status === "trialing" ||

     

       236
       236
       +
       				sub.status === "past_due",

     

       151
       237
        
       		);

     

       152
       238
        
       

     

       153
       239
        
       		if (currentSubscriptions.length === 0) {

     

       154
       154
       -
       			console.log(`[Sync] No current subscriptions found for customer ${customer.id}`);

     

       240
       240
       +
       			console.log(

     

       241
       241
       +
       				`[Sync] No current subscriptions found for customer ${customer.id}`,

     

       242
       242
       +
       			);

     

       155
       243
        
       			return;

     

       156
       244
        
       		}

     

       157
       245
        
       

     
···

       204
       292
        
       	}

     

       205
       293
        
       }

     

       206
       294
        
       

     

       207
       207
       -
       

     

       208
       295
        
       // Sync with Whisper DB on startup

     

       209
       296
        
       try {

     

       210
       297
        
       	await whisperService.syncWithWhisper();

     
···

       217
       304
        
       }

     

       218
       305
        
       

     

       219
       306
        
       // Periodic sync every 5 minutes as backup (SSE handles real-time updates)

     

       220
       220
       -
       setInterval(

     

       307
       307
       +
       const syncInterval = setInterval(

     

       221
       308
        
       	async () => {

     

       222
       309
        
       		try {

     

       223
       310
        
       			await whisperService.syncWithWhisper();

     
···

       231
       318
        
       	5 * 60 * 1000,

     

       232
       319
        
       );

     

       233
       320
        
       

     

       234
       234
       -
       // Clean up stale files daily

     

       235
       235
       -
       setInterval(() => whisperService.cleanupStaleFiles(), 24 * 60 * 60 * 1000);

     

       321
       321
       +
       // Clean up stale files hourly

     

       322
       322
       +
       const fileCleanupInterval = setInterval(

     

       323
       323
       +
       	() => whisperService.cleanupStaleFiles(),

     

       324
       324
       +
       	60 * 60 * 1000, // 1 hour

     

       325
       325
       +
       );

     

       236
       326
        
       

     

       237
       327
        
       const server = Bun.serve({

     

       238
       238
       -
       	port: process.env.PORT ? Number.parseInt(process.env.PORT, 10) : 3000,

     

       328
       328
       +
       	port:

     

       329
       329
       +
       		process.env.NODE_ENV === "test"

     

       330
       330
       +
       			? 3001

     

       331
       331
       +
       			: process.env.PORT

     

       332
       332
       +
       				? Number.parseInt(process.env.PORT, 10)

     

       333
       333
       +
       				: 3000,

     

       239
       334
        
       	idleTimeout: 120, // 120 seconds for SSE connections

     

       240
       335
        
       	routes: {

     

       241
       336
        
       		"/": indexHTML,

     
···

       268
       363
        
       							{ status: 400 },

     

       269
       364
        
       						);

     

       270
       365
        
       					}

     

       271
       271
       -
       					// Password is client-side hashed (PBKDF2), should be 64 char hex

     

       272
       272
       -
       					if (password.length !== 64 || !/^[0-9a-f]+$/.test(password)) {

     

       366
       366
       +
       					// Validate password format (client-side hashed PBKDF2)

     

       367
       367
       +
       					const passwordValidation = validatePasswordHash(password);

     

       368
       368
       +
       					if (!passwordValidation.valid) {

     

       273
       369
        
       						return Response.json(

     

       274
       274
       -
       							{ error: "Invalid password format" },

     

       370
       370
       +
       							{ error: passwordValidation.error },

     

       275
       371
        
       							{ status: 400 },

     

       276
       372
        
       						);

     

       277
       373
        
       					}

     

       278
       374
        
       					const user = await createUser(email, password, name);

     

       279
       279
       -
       					

     

       375
       375
       +
       

     

       280
       376
        
       					// Send verification email - MUST succeed for registration to complete

     

       281
       377
        
       					const { code, token, sentAt } = createEmailVerificationToken(user.id);

     

       282
       282
       -
       					

     

       378
       378
       +
       

     

       283
       379
        
       					try {

     

       284
       380
        
       						await sendEmail({

     

       285
       381
        
       							to: user.email,

     
···

       293
       389
        
       					} catch (err) {

     

       294
       390
        
       						console.error("[Email] Failed to send verification email:", err);

     

       295
       391
        
       						// Rollback user creation - direct DB delete since user was just created

     

       296
       296
       -
       						db.run("DELETE FROM email_verification_tokens WHERE user_id = ?", [user.id]);

     

       392
       392
       +
       						db.run("DELETE FROM email_verification_tokens WHERE user_id = ?", [

     

       393
       393
       +
       							user.id,

     

       394
       394
       +
       						]);

     

       297
       395
        
       						db.run("DELETE FROM sessions WHERE user_id = ?", [user.id]);

     

       298
       396
        
       						db.run("DELETE FROM users WHERE id = ?", [user.id]);

     

       299
       397
        
       						return Response.json(

     

       300
       300
       -
       							{ error: "Failed to send verification email. Please try again later." },

     

       398
       398
       +
       							{

     

       399
       399
       +
       								error:

     

       400
       400
       +
       									"Failed to send verification email. Please try again later.",

     

       401
       401
       +
       							},

     

       301
       402
        
       							{ status: 500 },

     

       302
       403
        
       						);

     

       303
       404
        
       					}

     

       304
       304
       -
       					

     

       405
       405
       +
       

     

       305
       406
        
       					// Attempt to sync existing Polar subscriptions (after email succeeds)

     

       306
       407
        
       					syncUserSubscriptionsFromPolar(user.id, user.email).catch(() => {

     

       307
       408
        
       						// Silent fail - don't block registration

     

       308
       409
        
       					});

     

       309
       309
       -
       					

     

       410
       410
       +
       

     

       310
       411
        
       					// Clear rate limits on successful registration

     

       311
       412
        
       					const ipAddress =

     

       312
       413
        
       						req.headers.get("x-forwarded-for") ??

     

       313
       414
        
       						req.headers.get("x-real-ip") ??

     

       314
       415
        
       						"unknown";

     

       315
       416
        
       					clearRateLimit("register", email, ipAddress);

     

       316
       316
       -
       					

     

       417
       417
       +
       

     

       317
       418
        
       					// Return success but indicate email verification is needed

     

       318
       419
        
       					// Don't create session yet - they need to verify first

     

       319
       420
        
       					return Response.json(

     

       320
       320
       -
       						{ 

     

       421
       421
       +
       						{

     

       321
       422
        
       							user: { id: user.id, email: user.email },

     

       322
       423
        
       							email_verification_required: true,

     

       323
       424
        
       							verification_code_sent_at: sentAt,

     

       324
       425
        
       						},

     

       325
       325
       -
       						{ status: 200 },

     

       426
       426
       +
       						{ status: 201 },

     

       326
       427
        
       					);

     

       327
       428
        
       				} catch (err: unknown) {

     

       328
       429
        
       					const error = err as { message?: string };

     

       329
       430
        
       					if (error.message?.includes("UNIQUE constraint failed")) {

     

       330
       431
        
       						return Response.json(

     

       331
       432
        
       							{ error: "Email already registered" },

     

       332
       332
       -
       							{ status: 400 },

     

       433
       433
       +
       							{ status: 409 },

     

       333
       434
        
       						);

     

       334
       435
        
       					}

     

       335
       436
        
       					console.error("[Auth] Registration error:", err);

     
···

       359
       460
        
       					});

     

       360
       461
        
       					if (rateLimitError) return rateLimitError;

     

       361
       462
        
       

     

       362
       362
       -
       					// Password is client-side hashed (PBKDF2), should be 64 char hex

     

       363
       363
       -
       					if (password.length !== 64 || !/^[0-9a-f]+$/.test(password)) {

     

       463
       463
       +
       					// Validate password format (client-side hashed PBKDF2)

     

       464
       464
       +
       					const passwordValidation = validatePasswordHash(password);

     

       465
       465
       +
       					if (!passwordValidation.valid) {

     

       364
       466
        
       						return Response.json(

     

       365
       365
       -
       							{ error: "Invalid password format" },

     

       467
       467
       +
       							{ error: passwordValidation.error },

     

       366
       468
        
       							{ status: 400 },

     

       367
       469
        
       						);

     

       368
       470
        
       					}

     
···

       373
       475
        
       							{ status: 401 },

     

       374
       476
        
       						);

     

       375
       477
        
       					}

     

       376
       376
       -
       					

     

       478
       478
       +
       

     

       377
       479
        
       					// Clear rate limits on successful authentication

     

       378
       480
        
       					const ipAddress =

     

       379
       481
        
       						req.headers.get("x-forwarded-for") ??

     

       380
       482
        
       						req.headers.get("x-real-ip") ??

     

       381
       483
        
       						"unknown";

     

       382
       484
        
       					clearRateLimit("login", email, ipAddress);

     

       383
       383
       -
       					

     

       485
       485
       +
       

     

       384
       486
        
       					// Check if email is verified

     

       385
       487
        
       					if (!isEmailVerified(user.id)) {

     

       386
       488
        
       						let codeSentAt = getVerificationCodeSentAt(user.id);

     

       387
       387
       -
       						

     

       489
       489
       +
       

     

       388
       490
        
       						// If no verification code exists, auto-send one

     

       389
       491
        
       						if (!codeSentAt) {

     

       390
       390
       -
       							const { code, token, sentAt } = createEmailVerificationToken(user.id);

     

       492
       492
       +
       							const { code, token, sentAt } = createEmailVerificationToken(

     

       493
       493
       +
       								user.id,

     

       494
       494
       +
       							);

     

       391
       495
        
       							codeSentAt = sentAt;

     

       392
       392
       -
       							

     

       496
       496
       +
       

     

       393
       497
        
       							try {

     

       394
       498
        
       								await sendEmail({

     

       395
       499
        
       									to: user.email,

     
···

       401
       505
        
       									}),

     

       402
       506
        
       								});

     

       403
       507
        
       							} catch (err) {

     

       404
       404
       -
       								console.error("[Email] Failed to send verification email on login:", err);

     

       508
       508
       +
       								console.error(

     

       509
       509
       +
       									"[Email] Failed to send verification email on login:",

     

       510
       510
       +
       									err,

     

       511
       511
       +
       								);

     

       405
       512
        
       								// Don't fail login - just return null timestamp so client can try resend

     

       406
       513
        
       								codeSentAt = null;

     

       407
       514
        
       							}

     

       408
       515
        
       						}

     

       409
       409
       -
       						

     

       516
       516
       +
       

     

       410
       517
        
       						return Response.json(

     

       411
       411
       -
       							{ 

     

       518
       518
       +
       							{

     

       412
       519
        
       								user: { id: user.id, email: user.email },

     

       413
       520
        
       								email_verification_required: true,

     

       414
       521
        
       								verification_code_sent_at: codeSentAt,

     
···

       416
       523
        
       							{ status: 200 },

     

       417
       524
        
       						);

     

       418
       525
        
       					}

     

       419
       419
       -
       					

     

       526
       526
       +
       

     

       420
       527
        
       					const userAgent = req.headers.get("user-agent") ?? "unknown";

     

       421
       528
        
       					const sessionId = createSession(user.id, ipAddress, userAgent);

     

       422
       529
        
       					return Response.json(

     
···

       461
       568
        
       					return new Response(null, {

     

       462
       569
        
       						status: 302,

     

       463
       570
        
       						headers: {

     

       464
       464
       -
       							"Location": "/classes",

     

       571
       571
       +
       							Location: "/classes",

     

       465
       572
        
       							"Set-Cookie": `session=${sessionId}; HttpOnly; Secure; Path=/; Max-Age=${7 * 24 * 60 * 60}; SameSite=Lax`,

     

       466
       573
        
       						},

     

       467
       574
        
       					});

     
···

       485
       592
        
       					// Get user by email

     

       486
       593
        
       					const user = getUserByEmail(email);

     

       487
       594
        
       					if (!user) {

     

       488
       488
       -
       						return Response.json(

     

       489
       489
       -
       							{ error: "User not found" },

     

       490
       490
       -
       							{ status: 404 },

     

       491
       491
       -
       						);

     

       595
       595
       +
       						return Response.json({ error: "User not found" }, { status: 404 });

     

       492
       596
        
       					}

     

       493
       597
        
       

     

       494
       598
        
       					// Check if already verified

     
···

       517
       621
        
       					const sessionId = createSession(user.id, ipAddress, userAgent);

     

       518
       622
        
       

     

       519
       623
        
       					return Response.json(

     

       520
       520
       -
       						{ 

     

       624
       624
       +
       						{

     

       625
       625
       +
       							success: true,

     

       521
       626
        
       							message: "Email verified successfully",

     

       522
       627
        
       							email_verified: true,

     

       523
       628
        
       							user: { id: user.id, email: user.email },

     
···

       537
       642
        
       			POST: async (req) => {

     

       538
       643
        
       				try {

     

       539
       644
        
       					const user = requireAuth(req);

     

       540
       540
       -
       					

     

       645
       645
       +
       

     

       541
       646
        
       					// Rate limiting

     

       542
       647
        
       					const rateLimitError = enforceRateLimit(req, "resend-verification", {

     

       543
       648
        
       						account: { max: 3, windowSeconds: 60 * 60, email: user.email },

     
···

       565
       670
        
       						}),

     

       566
       671
        
       					});

     

       567
       672
        
       

     

       568
       568
       -
       					return Response.json({ message: "Verification email sent" });

     

       673
       673
       +
       					return Response.json({

     

       674
       674
       +
       						success: true,

     

       675
       675
       +
       						message: "Verification email sent",

     

       676
       676
       +
       					});

     

       569
       677
        
       				} catch (error) {

     

       570
       678
        
       					return handleError(error);

     

       571
       679
        
       				}

     
···

       582
       690
        
       					}

     

       583
       691
        
       

     

       584
       692
        
       					// Rate limiting by email

     

       585
       585
       -
       					const rateLimitError = enforceRateLimit(req, "resend-verification-code", {

     

       586
       586
       -
       						account: { max: 3, windowSeconds: 5 * 60, email },

     

       587
       587
       -
       					});

     

       693
       693
       +
       					const rateLimitError = enforceRateLimit(

     

       694
       694
       +
       						req,

     

       695
       695
       +
       						"resend-verification-code",

     

       696
       696
       +
       						{

     

       697
       697
       +
       							account: { max: 3, windowSeconds: 5 * 60, email },

     

       698
       698
       +
       						},

     

       699
       699
       +
       					);

     

       588
       700
        
       					if (rateLimitError) return rateLimitError;

     

       589
       701
        
       

     

       590
       702
        
       					// Get user by email

     

       591
       703
        
       					const user = getUserByEmail(email);

     

       592
       704
        
       					if (!user) {

     

       593
       705
        
       						// Don't reveal if user exists

     

       594
       594
       -
       						return Response.json({ message: "If an account exists with that email, a verification code has been sent" });

     

       706
       706
       +
       						return Response.json({

     

       707
       707
       +
       							success: true,

     

       708
       708
       +
       							message:

     

       709
       709
       +
       								"If an account exists with that email, a verification code has been sent",

     

       710
       710
       +
       						});

     

       595
       711
        
       					}

     

       596
       712
        
       

     

       597
       713
        
       					// Check if already verified

     
···

       615
       731
        
       						}),

     

       616
       732
        
       					});

     

       617
       733
        
       

     

       618
       618
       -
       					return Response.json({ 

     

       734
       734
       +
       					return Response.json({

     

       735
       735
       +
       						success: true,

     

       619
       736
        
       						message: "Verification code sent",

     

       620
       737
        
       						verification_code_sent_at: sentAt,

     

       621
       738
        
       					});

     
···

       660
       777
        
       					}

     

       661
       778
        
       

     

       662
       779
        
       					return Response.json({

     

       780
       780
       +
       						success: true,

     

       663
       781
        
       						message:

     

       664
       782
        
       							"If an account exists with that email, a password reset link has been sent",

     

       665
       783
        
       					});

     
···

       679
       797
        
       					const token = url.searchParams.get("token");

     

       680
       798
        
       

     

       681
       799
        
       					if (!token) {

     

       682
       682
       -
       						return Response.json(

     

       683
       683
       -
       							{ error: "Token required" },

     

       684
       684
       -
       							{ status: 400 },

     

       685
       685
       -
       						);

     

       800
       800
       +
       						return Response.json({ error: "Token required" }, { status: 400 });

     

       686
       801
        
       					}

     

       687
       802
        
       

     

       688
       803
        
       					const userId = verifyPasswordResetToken(token);

     
···

       695
       810
        
       

     

       696
       811
        
       					// Get user's email for client-side password hashing

     

       697
       812
        
       					const user = db

     

       698
       698
       -
       						.query<{ email: string }, [number]>("SELECT email FROM users WHERE id = ?")

     

       813
       813
       +
       						.query<{ email: string }, [number]>(

     

       814
       814
       +
       							"SELECT email FROM users WHERE id = ?",

     

       815
       815
       +
       						)

     

       699
       816
        
       						.get(userId);

     

       700
       817
        
       

     

       701
       818
        
       					if (!user) {

     
···

       724
       841
        
       					}

     

       725
       842
        
       

     

       726
       843
        
       					// Validate password format (client-side hashed PBKDF2)

     

       727
       727
       -
       					if (password.length !== 64 || !/^[0-9a-f]+$/.test(password)) {

     

       844
       844
       +
       					const passwordValidation = validatePasswordHash(password);

     

       845
       845
       +
       					if (!passwordValidation.valid) {

     

       728
       846
        
       						return Response.json(

     

       729
       729
       -
       							{ error: "Invalid password format" },

     

       847
       847
       +
       							{ error: passwordValidation.error },

     

       730
       848
        
       							{ status: 400 },

     

       731
       849
        
       						);

     

       732
       850
        
       					}

     
···

       743
       861
        
       					await updateUserPassword(userId, password);

     

       744
       862
        
       					consumePasswordResetToken(token);

     

       745
       863
        
       

     

       746
       746
       -
       					return Response.json({ message: "Password reset successfully" });

     

       864
       864
       +
       					return Response.json({

     

       865
       865
       +
       						success: true,

     

       866
       866
       +
       						message: "Password reset successfully",

     

       867
       867
       +
       					});

     

       747
       868
        
       				} catch (error) {

     

       748
       869
        
       					console.error("[Email] Reset password error:", error);

     

       749
       870
        
       					return Response.json(

     
···

       772
       893
        
       		},

     

       773
       894
        
       		"/api/auth/me": {

     

       774
       895
        
       			GET: (req) => {

     

       775
       775
       -
       				const sessionId = getSessionFromRequest(req);

     

       776
       776
       -
       				if (!sessionId) {

     

       777
       777
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       778
       778
       -
       				}

     

       779
       779
       -
       				const user = getUserBySession(sessionId);

     

       780
       780
       -
       				if (!user) {

     

       781
       781
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       782
       782
       -
       				}

     

       896
       896
       +
       				try {

     

       897
       897
       +
       					const user = requireAuth(req);

     

       783
       898
        
       

     

       784
       784
       -
       				// Check subscription status

     

       785
       785
       -
       				const subscription = db

     

       786
       786
       -
       					.query<{ status: string }, [number]>(

     

       787
       787
       -
       						"SELECT status FROM subscriptions WHERE user_id = ? AND status IN ('active', 'trialing', 'past_due') ORDER BY created_at DESC LIMIT 1",

     

       788
       788
       -
       					)

     

       789
       789
       -
       					.get(user.id);

     

       899
       899
       +
       					// Check subscription status

     

       900
       900
       +
       					const subscription = db

     

       901
       901
       +
       						.query<{ status: string }, [number]>(

     

       902
       902
       +
       							"SELECT status FROM subscriptions WHERE user_id = ? AND status IN ('active', 'trialing', 'past_due') ORDER BY created_at DESC LIMIT 1",

     

       903
       903
       +
       						)

     

       904
       904
       +
       						.get(user.id);

     

       790
       905
        
       

     

       791
       791
       -
       				// Get notification preferences

     

       792
       792
       -
       				const prefs = db

     

       793
       793
       -
       					.query<{ email_notifications_enabled: number }, [number]>(

     

       794
       794
       -
       						"SELECT email_notifications_enabled FROM users WHERE id = ?",

     

       795
       795
       -
       					)

     

       796
       796
       -
       					.get(user.id);

     

       906
       906
       +
       					// Get notification preferences

     

       907
       907
       +
       					const prefs = db

     

       908
       908
       +
       						.query<{ email_notifications_enabled: number }, [number]>(

     

       909
       909
       +
       							"SELECT email_notifications_enabled FROM users WHERE id = ?",

     

       910
       910
       +
       						)

     

       911
       911
       +
       						.get(user.id);

     

       797
       912
        
       

     

       798
       798
       -
       				return Response.json({

     

       799
       799
       -
       					email: user.email,

     

       800
       800
       -
       					name: user.name,

     

       801
       801
       -
       					avatar: user.avatar,

     

       802
       802
       -
       					created_at: user.created_at,

     

       803
       803
       -
       					role: user.role,

     

       804
       804
       -
       					has_subscription: !!subscription,

     

       805
       805
       -
       					email_verified: isEmailVerified(user.id),

     

       806
       806
       -
       					email_notifications_enabled: prefs?.email_notifications_enabled === 1,

     

       807
       807
       -
       				});

     

       913
       913
       +
       					return Response.json({

     

       914
       914
       +
       						email: user.email,

     

       915
       915
       +
       						name: user.name,

     

       916
       916
       +
       						avatar: user.avatar,

     

       917
       917
       +
       						created_at: user.created_at,

     

       918
       918
       +
       						role: user.role,

     

       919
       919
       +
       						has_subscription: !!subscription,

     

       920
       920
       +
       						email_verified: isEmailVerified(user.id),

     

       921
       921
       +
       						email_notifications_enabled:

     

       922
       922
       +
       							prefs?.email_notifications_enabled === 1,

     

       923
       923
       +
       					});

     

       924
       924
       +
       				} catch (err) {

     

       925
       925
       +
       					return handleError(err);

     

       926
       926
       +
       				}

     

       808
       927
        
       			},

     

       809
       928
        
       		},

     

       810
       929
        
       		"/api/passkeys/register/options": {

     

       811
       930
        
       			POST: async (req) => {

     

       812
       931
        
       				try {

     

       813
       932
        
       					const user = requireAuth(req);

     

       933
       933
       +
       

     

       934
       934
       +
       					const rateLimitError = enforceRateLimit(

     

       935
       935
       +
       						req,

     

       936
       936
       +
       						"passkey-register-options",

     

       937
       937
       +
       						{

     

       938
       938
       +
       							ip: { max: 10, windowSeconds: 5 * 60 },

     

       939
       939
       +
       						},

     

       940
       940
       +
       					);

     

       941
       941
       +
       					if (rateLimitError) return rateLimitError;

     

       942
       942
       +
       

     

       814
       943
        
       					const options = await createRegistrationOptions(user);

     

       815
       944
        
       					return Response.json(options);

     

       816
       945
        
       				} catch (err) {

     
···

       822
       951
        
       			POST: async (req) => {

     

       823
       952
        
       				try {

     

       824
       953
        
       					const _user = requireAuth(req);

     

       954
       954
       +
       

     

       955
       955
       +
       					const rateLimitError = enforceRateLimit(

     

       956
       956
       +
       						req,

     

       957
       957
       +
       						"passkey-register-verify",

     

       958
       958
       +
       						{

     

       959
       959
       +
       							ip: { max: 10, windowSeconds: 5 * 60 },

     

       960
       960
       +
       						},

     

       961
       961
       +
       					);

     

       962
       962
       +
       					if (rateLimitError) return rateLimitError;

     

       963
       963
       +
       

     

       825
       964
        
       					const body = await req.json();

     

       826
       965
        
       					const { response: credentialResponse, challenge, name } = body;

     

       827
       966
        
       

     
···

       847
       986
        
       		"/api/passkeys/authenticate/options": {

     

       848
       987
        
       			POST: async (req) => {

     

       849
       988
        
       				try {

     

       989
       989
       +
       					const rateLimitError = enforceRateLimit(req, "passkey-auth-options", {

     

       990
       990
       +
       						ip: { max: 10, windowSeconds: 5 * 60 },

     

       991
       991
       +
       					});

     

       992
       992
       +
       					if (rateLimitError) return rateLimitError;

     

       993
       993
       +
       

     

       850
       994
        
       					const body = await req.json();

     

       851
       995
        
       					const { email } = body;

     

       852
       996
        
       

     
···

       860
       1004
        
       		"/api/passkeys/authenticate/verify": {

     

       861
       1005
        
       			POST: async (req) => {

     

       862
       1006
        
       				try {

     

       1007
       1007
       +
       					const rateLimitError = enforceRateLimit(req, "passkey-auth-verify", {

     

       1008
       1008
       +
       						ip: { max: 10, windowSeconds: 5 * 60 },

     

       1009
       1009
       +
       					});

     

       1010
       1010
       +
       					if (rateLimitError) return rateLimitError;

     

       1011
       1011
       +
       

     

       863
       1012
        
       					const body = await req.json();

     

       864
       1013
        
       					const { response: credentialResponse, challenge } = body;

     

       865
       1014
        
       

     
···

       925
       1074
        
       			PUT: async (req) => {

     

       926
       1075
        
       				try {

     

       927
       1076
        
       					const user = requireAuth(req);

     

       1077
       1077
       +
       

     

       1078
       1078
       +
       					const rateLimitError = enforceRateLimit(req, "passkey-update", {

     

       1079
       1079
       +
       						ip: { max: 10, windowSeconds: 60 * 60 },

     

       1080
       1080
       +
       					});

     

       1081
       1081
       +
       					if (rateLimitError) return rateLimitError;

     

       1082
       1082
       +
       

     

       928
       1083
        
       					const body = await req.json();

     

       929
       1084
        
       					const { name } = body;

     

       930
       1085
        
       					const passkeyId = req.params.id;

     
···

       934
       1089
        
       					}

     

       935
       1090
        
       

     

       936
       1091
        
       					updatePasskeyName(passkeyId, user.id, name);

     

       937
       937
       -
       					return Response.json({ success: true });

     

       1092
       1092
       +
       					return new Response(null, { status: 204 });

     

       938
       1093
        
       				} catch (err) {

     

       939
       1094
        
       					return handleError(err);

     

       940
       1095
        
       				}

     
···

       942
       1097
        
       			DELETE: async (req) => {

     

       943
       1098
        
       				try {

     

       944
       1099
        
       					const user = requireAuth(req);

     

       1100
       1100
       +
       

     

       1101
       1101
       +
       					const rateLimitError = enforceRateLimit(req, "passkey-delete", {

     

       1102
       1102
       +
       						ip: { max: 10, windowSeconds: 60 * 60 },

     

       1103
       1103
       +
       					});

     

       1104
       1104
       +
       					if (rateLimitError) return rateLimitError;

     

       1105
       1105
       +
       

     

       945
       1106
        
       					const passkeyId = req.params.id;

     

       946
       1107
        
       					deletePasskey(passkeyId, user.id);

     

       947
       947
       -
       					return Response.json({ success: true });

     

       1108
       1108
       +
       					return new Response(null, { status: 204 });

     

       948
       1109
        
       				} catch (err) {

     

       949
       1110
        
       					return handleError(err);

     

       950
       1111
        
       				}

     
···

       952
       1113
        
       		},

     

       953
       1114
        
       		"/api/sessions": {

     

       954
       1115
        
       			GET: (req) => {

     

       955
       955
       -
       				const sessionId = getSessionFromRequest(req);

     

       956
       956
       -
       				if (!sessionId) {

     

       957
       957
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       958
       958
       -
       				}

     

       959
       959
       -
       				const user = getUserBySession(sessionId);

     

       960
       960
       -
       				if (!user) {

     

       961
       961
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1116
       1116
       +
       				try {

     

       1117
       1117
       +
       					const sessionId = getSessionFromRequest(req);

     

       1118
       1118
       +
       					if (!sessionId) {

     

       1119
       1119
       +
       						return Response.json(

     

       1120
       1120
       +
       							{ error: "Not authenticated" },

     

       1121
       1121
       +
       							{ status: 401 },

     

       1122
       1122
       +
       						);

     

       1123
       1123
       +
       					}

     

       1124
       1124
       +
       					const user = getUserBySession(sessionId);

     

       1125
       1125
       +
       					if (!user) {

     

       1126
       1126
       +
       						return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1127
       1127
       +
       					}

     

       1128
       1128
       +
       					const sessions = getUserSessionsForUser(user.id);

     

       1129
       1129
       +
       					return Response.json({

     

       1130
       1130
       +
       						sessions: sessions.map((s) => ({

     

       1131
       1131
       +
       							id: s.id,

     

       1132
       1132
       +
       							ip_address: s.ip_address,

     

       1133
       1133
       +
       							user_agent: s.user_agent,

     

       1134
       1134
       +
       							created_at: s.created_at,

     

       1135
       1135
       +
       							expires_at: s.expires_at,

     

       1136
       1136
       +
       							is_current: s.id === sessionId,

     

       1137
       1137
       +
       						})),

     

       1138
       1138
       +
       					});

     

       1139
       1139
       +
       				} catch (err) {

     

       1140
       1140
       +
       					return handleError(err);

     

       962
       1141
        
       				}

     

       963
       963
       -
       				const sessions = getUserSessionsForUser(user.id);

     

       964
       964
       -
       				return Response.json({

     

       965
       965
       -
       					sessions: sessions.map((s) => ({

     

       966
       966
       -
       						id: s.id,

     

       967
       967
       -
       						ip_address: s.ip_address,

     

       968
       968
       -
       						user_agent: s.user_agent,

     

       969
       969
       -
       						created_at: s.created_at,

     

       970
       970
       -
       						expires_at: s.expires_at,

     

       971
       971
       -
       						is_current: s.id === sessionId,

     

       972
       972
       -
       					})),

     

       973
       973
       -
       				});

     

       974
       1142
        
       			},

     

       975
       1143
        
       			DELETE: async (req) => {

     

       976
       976
       -
       				const currentSessionId = getSessionFromRequest(req);

     

       977
       977
       -
       				if (!currentSessionId) {

     

       978
       978
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       979
       979
       -
       				}

     

       980
       980
       -
       				const user = getUserBySession(currentSessionId);

     

       981
       981
       -
       				if (!user) {

     

       982
       982
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       983
       983
       -
       				}

     

       984
       984
       -
       				const body = await req.json();

     

       985
       985
       -
       				const targetSessionId = body.sessionId;

     

       986
       986
       -
       				if (!targetSessionId) {

     

       987
       987
       -
       					return Response.json(

     

       988
       988
       -
       						{ error: "Session ID required" },

     

       989
       989
       -
       						{ status: 400 },

     

       990
       990
       -
       					);

     

       991
       991
       -
       				}

     

       992
       992
       -
       				// Prevent deleting current session

     

       993
       993
       -
       				if (targetSessionId === currentSessionId) {

     

       994
       994
       -
       					return Response.json(

     

       995
       995
       -
       						{ error: "Cannot kill current session. Use logout instead." },

     

       996
       996
       -
       						{ status: 400 },

     

       997
       997
       -
       					);

     

       998
       998
       -
       				}

     

       999
       999
       -
       				// Verify the session belongs to the user

     

       1000
       1000
       -
       				const targetSession = getSession(targetSessionId);

     

       1001
       1001
       -
       				if (!targetSession || targetSession.user_id !== user.id) {

     

       1002
       1002
       -
       					return Response.json({ error: "Session not found" }, { status: 404 });

     

       1144
       1144
       +
       				try {

     

       1145
       1145
       +
       					const currentSessionId = getSessionFromRequest(req);

     

       1146
       1146
       +
       					if (!currentSessionId) {

     

       1147
       1147
       +
       						return Response.json(

     

       1148
       1148
       +
       							{ error: "Not authenticated" },

     

       1149
       1149
       +
       							{ status: 401 },

     

       1150
       1150
       +
       						);

     

       1151
       1151
       +
       					}

     

       1152
       1152
       +
       					const user = getUserBySession(currentSessionId);

     

       1153
       1153
       +
       					if (!user) {

     

       1154
       1154
       +
       						return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1155
       1155
       +
       					}

     

       1156
       1156
       +
       

     

       1157
       1157
       +
       					const rateLimitError = enforceRateLimit(req, "delete-session", {

     

       1158
       1158
       +
       						ip: { max: 20, windowSeconds: 60 * 60 },

     

       1159
       1159
       +
       					});

     

       1160
       1160
       +
       					if (rateLimitError) return rateLimitError;

     

       1161
       1161
       +
       

     

       1162
       1162
       +
       					const body = await req.json();

     

       1163
       1163
       +
       					const targetSessionId = body.sessionId;

     

       1164
       1164
       +
       					if (!targetSessionId) {

     

       1165
       1165
       +
       						return Response.json(

     

       1166
       1166
       +
       							{ error: "Session ID required" },

     

       1167
       1167
       +
       							{ status: 400 },

     

       1168
       1168
       +
       						);

     

       1169
       1169
       +
       					}

     

       1170
       1170
       +
       					// Prevent deleting current session

     

       1171
       1171
       +
       					if (targetSessionId === currentSessionId) {

     

       1172
       1172
       +
       						return Response.json(

     

       1173
       1173
       +
       							{ error: "Cannot kill current session. Use logout instead." },

     

       1174
       1174
       +
       							{ status: 400 },

     

       1175
       1175
       +
       						);

     

       1176
       1176
       +
       					}

     

       1177
       1177
       +
       					// Verify the session belongs to the user

     

       1178
       1178
       +
       					const targetSession = getSession(targetSessionId);

     

       1179
       1179
       +
       					if (!targetSession || targetSession.user_id !== user.id) {

     

       1180
       1180
       +
       						return Response.json({ error: "Forbidden" }, { status: 403 });

     

       1181
       1181
       +
       					}

     

       1182
       1182
       +
       					deleteSession(targetSessionId);

     

       1183
       1183
       +
       					return new Response(null, { status: 204 });

     

       1184
       1184
       +
       				} catch (err) {

     

       1185
       1185
       +
       					return handleError(err);

     

       1003
       1186
        
       				}

     

       1004
       1004
       -
       				deleteSession(targetSessionId);

     

       1005
       1005
       -
       				return Response.json({ success: true });

     

       1006
       1187
        
       			},

     

       1007
       1188
        
       		},

     

       1008
       1189
        
       		"/api/user": {

     

       1009
       1190
        
       			DELETE: async (req) => {

     

       1010
       1010
       -
       				const sessionId = getSessionFromRequest(req);

     

       1011
       1011
       -
       				if (!sessionId) {

     

       1012
       1012
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1013
       1013
       -
       				}

     

       1014
       1014
       -
       				const user = getUserBySession(sessionId);

     

       1015
       1015
       -
       				if (!user) {

     

       1016
       1016
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1017
       1017
       -
       				}

     

       1191
       1191
       +
       				try {

     

       1192
       1192
       +
       					const user = requireAuth(req);

     

       1018
       1193
        
       

     

       1019
       1019
       -
       				// Rate limiting

     

       1020
       1020
       -
       				const rateLimitError = enforceRateLimit(req, "delete-user", {

     

       1021
       1021
       -
       					ip: { max: 3, windowSeconds: 60 * 60 },

     

       1022
       1022
       -
       				});

     

       1023
       1023
       -
       				if (rateLimitError) return rateLimitError;

     

       1194
       1194
       +
       					// Rate limiting

     

       1195
       1195
       +
       					const rateLimitError = enforceRateLimit(req, "delete-user", {

     

       1196
       1196
       +
       						ip: { max: 3, windowSeconds: 60 * 60 },

     

       1197
       1197
       +
       					});

     

       1198
       1198
       +
       					if (rateLimitError) return rateLimitError;

     

       1024
       1199
        
       

     

       1025
       1025
       -
       				await deleteUser(user.id);

     

       1026
       1026
       -
       				return Response.json(

     

       1027
       1027
       -
       					{ success: true },

     

       1028
       1028
       -
       					{

     

       1200
       1200
       +
       					await deleteUser(user.id);

     

       1201
       1201
       +
       					return new Response(null, {

     

       1202
       1202
       +
       						status: 204,

     

       1029
       1203
        
       						headers: {

     

       1030
       1204
        
       							"Set-Cookie":

     

       1031
       1205
        
       								"session=; HttpOnly; Secure; Path=/; Max-Age=0; SameSite=Lax",

     

       1032
       1206
        
       						},

     

       1033
       1033
       -
       					},

     

       1034
       1034
       -
       				);

     

       1207
       1207
       +
       					});

     

       1208
       1208
       +
       				} catch (err) {

     

       1209
       1209
       +
       					return handleError(err);

     

       1210
       1210
       +
       				}

     

       1035
       1211
        
       			},

     

       1036
       1212
        
       		},

     

       1037
       1213
        
       		"/api/user/email": {

     

       1038
       1214
        
       			PUT: async (req) => {

     

       1039
       1039
       -
       				const sessionId = getSessionFromRequest(req);

     

       1040
       1040
       -
       				if (!sessionId) {

     

       1041
       1041
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1042
       1042
       -
       				}

     

       1043
       1043
       -
       				const user = getUserBySession(sessionId);

     

       1044
       1044
       -
       				if (!user) {

     

       1045
       1045
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1046
       1046
       -
       				}

     

       1215
       1215
       +
       				try {

     

       1216
       1216
       +
       					const user = requireAuth(req);

     

       1047
       1217
        
       

     

       1048
       1048
       -
       				// Rate limiting

     

       1049
       1049
       -
       				const rateLimitError = enforceRateLimit(req, "update-email", {

     

       1050
       1050
       -
       					ip: { max: 5, windowSeconds: 60 * 60 },

     

       1051
       1051
       -
       				});

     

       1052
       1052
       -
       				if (rateLimitError) return rateLimitError;

     

       1218
       1218
       +
       					// Rate limiting

     

       1219
       1219
       +
       					const rateLimitError = enforceRateLimit(req, "update-email", {

     

       1220
       1220
       +
       						ip: { max: 5, windowSeconds: 60 * 60 },

     

       1221
       1221
       +
       					});

     

       1222
       1222
       +
       					if (rateLimitError) return rateLimitError;

     

       1053
       1223
        
       

     

       1054
       1054
       -
       				const body = await req.json();

     

       1055
       1055
       -
       				const { email } = body;

     

       1056
       1056
       -
       				if (!email) {

     

       1057
       1057
       -
       					return Response.json({ error: "Email required" }, { status: 400 });

     

       1058
       1058
       -
       				}

     

       1059
       1059
       -
       				try {

     

       1060
       1060
       -
       					updateUserEmail(user.id, email);

     

       1061
       1061
       -
       					return Response.json({ success: true });

     

       1062
       1062
       -
       				} catch (err: unknown) {

     

       1063
       1063
       -
       					const error = err as { message?: string };

     

       1064
       1064
       -
       					if (error.message?.includes("UNIQUE constraint failed")) {

     

       1224
       1224
       +
       					const body = await req.json();

     

       1225
       1225
       +
       					const { email } = body;

     

       1226
       1226
       +
       					if (!email) {

     

       1227
       1227
       +
       						return Response.json({ error: "Email required" }, { status: 400 });

     

       1228
       1228
       +
       					}

     

       1229
       1229
       +
       

     

       1230
       1230
       +
       					// Check if email is already in use

     

       1231
       1231
       +
       					const existingUser = getUserByEmail(email);

     

       1232
       1232
       +
       					if (existingUser) {

     

       1065
       1233
        
       						return Response.json(

     

       1066
       1234
        
       							{ error: "Email already in use" },

     

       1067
       1067
       -
       							{ status: 400 },

     

       1235
       1235
       +
       							{ status: 409 },

     

       1068
       1236
        
       						);

     

       1069
       1237
        
       					}

     

       1070
       1070
       -
       					return Response.json(

     

       1071
       1071
       -
       						{ error: "Failed to update email" },

     

       1072
       1072
       -
       						{ status: 500 },

     

       1073
       1073
       -
       					);

     

       1238
       1238
       +
       

     

       1239
       1239
       +
       					try {

     

       1240
       1240
       +
       						// Create email change token

     

       1241
       1241
       +
       						const token = createEmailChangeToken(user.id, email);

     

       1242
       1242
       +
       

     

       1243
       1243
       +
       						// Send verification email to the CURRENT address

     

       1244
       1244
       +
       						const origin = process.env.ORIGIN || "http://localhost:3000";

     

       1245
       1245
       +
       						const verifyUrl = `${origin}/api/user/email/verify?token=${token}`;

     

       1246
       1246
       +
       

     

       1247
       1247
       +
       						await sendEmail({

     

       1248
       1248
       +
       							to: user.email,

     

       1249
       1249
       +
       							subject: "Verify your email change",

     

       1250
       1250
       +
       							html: emailChangeTemplate({

     

       1251
       1251
       +
       								name: user.name,

     

       1252
       1252
       +
       								currentEmail: user.email,

     

       1253
       1253
       +
       								newEmail: email,

     

       1254
       1254
       +
       								verifyLink: verifyUrl,

     

       1255
       1255
       +
       							}),

     

       1256
       1256
       +
       						});

     

       1257
       1257
       +
       

     

       1258
       1258
       +
       						return Response.json({

     

       1259
       1259
       +
       							success: true,

     

       1260
       1260
       +
       							message: `Verification email sent to ${user.email}`,

     

       1261
       1261
       +
       							pendingEmail: email,

     

       1262
       1262
       +
       						});

     

       1263
       1263
       +
       					} catch (error) {

     

       1264
       1264
       +
       						console.error(

     

       1265
       1265
       +
       							"[Email] Failed to send email change verification:",

     

       1266
       1266
       +
       							error,

     

       1267
       1267
       +
       						);

     

       1268
       1268
       +
       						return Response.json(

     

       1269
       1269
       +
       							{ error: "Failed to send verification email" },

     

       1270
       1270
       +
       							{ status: 500 },

     

       1271
       1271
       +
       						);

     

       1272
       1272
       +
       					}

     

       1273
       1273
       +
       				} catch (err) {

     

       1274
       1274
       +
       					return handleError(err);

     

       1074
       1275
        
       				}

     

       1075
       1276
        
       			},

     

       1076
       1277
        
       		},

     

       1077
       1077
       -
       		"/api/user/password": {

     

       1078
       1078
       -
       			PUT: async (req) => {

     

       1079
       1079
       -
       				const sessionId = getSessionFromRequest(req);

     

       1080
       1080
       -
       				if (!sessionId) {

     

       1081
       1081
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1082
       1082
       -
       				}

     

       1083
       1083
       -
       				const user = getUserBySession(sessionId);

     

       1084
       1084
       -
       				if (!user) {

     

       1085
       1085
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1086
       1086
       -
       				}

     

       1278
       1278
       +
       		"/api/user/email/verify": {

     

       1279
       1279
       +
       			GET: async (req) => {

     

       1280
       1280
       +
       				try {

     

       1281
       1281
       +
       					const url = new URL(req.url);

     

       1282
       1282
       +
       					const token = url.searchParams.get("token");

     

       1087
       1283
        
       

     

       1088
       1088
       -
       				// Rate limiting

     

       1089
       1089
       -
       				const rateLimitError = enforceRateLimit(req, "update-password", {

     

       1090
       1090
       -
       					ip: { max: 5, windowSeconds: 60 * 60 },

     

       1091
       1091
       -
       				});

     

       1092
       1092
       -
       				if (rateLimitError) return rateLimitError;

     

       1284
       1284
       +
       					if (!token) {

     

       1285
       1285
       +
       						return Response.redirect(

     

       1286
       1286
       +
       							"/settings?tab=account&error=invalid-token",

     

       1287
       1287
       +
       							302,

     

       1288
       1288
       +
       						);

     

       1289
       1289
       +
       					}

     

       1093
       1290
        
       

     

       1094
       1094
       -
       				const body = await req.json();

     

       1095
       1095
       -
       				const { password } = body;

     

       1096
       1096
       -
       				if (!password) {

     

       1097
       1097
       -
       					return Response.json({ error: "Password required" }, { status: 400 });

     

       1098
       1098
       -
       				}

     

       1099
       1099
       -
       				// Password is client-side hashed (PBKDF2), should be 64 char hex

     

       1100
       1100
       -
       				if (password.length !== 64 || !/^[0-9a-f]+$/.test(password)) {

     

       1101
       1101
       -
       					return Response.json(

     

       1102
       1102
       -
       						{ error: "Invalid password format" },

     

       1103
       1103
       -
       						{ status: 400 },

     

       1291
       1291
       +
       					const result = verifyEmailChangeToken(token);

     

       1292
       1292
       +
       

     

       1293
       1293
       +
       					if (!result) {

     

       1294
       1294
       +
       						return Response.redirect(

     

       1295
       1295
       +
       							"/settings?tab=account&error=expired-token",

     

       1296
       1296
       +
       							302,

     

       1297
       1297
       +
       						);

     

       1298
       1298
       +
       					}

     

       1299
       1299
       +
       

     

       1300
       1300
       +
       					// Update the user's email

     

       1301
       1301
       +
       					updateUserEmail(result.userId, result.newEmail);

     

       1302
       1302
       +
       

     

       1303
       1303
       +
       					// Consume the token

     

       1304
       1304
       +
       					consumeEmailChangeToken(token);

     

       1305
       1305
       +
       

     

       1306
       1306
       +
       					// Redirect to settings with success message

     

       1307
       1307
       +
       					return Response.redirect(

     

       1308
       1308
       +
       						"/settings?tab=account&success=email-changed",

     

       1309
       1309
       +
       						302,

     

       1310
       1310
       +
       					);

     

       1311
       1311
       +
       				} catch (error) {

     

       1312
       1312
       +
       					console.error("[Email] Email change verification error:", error);

     

       1313
       1313
       +
       					return Response.redirect(

     

       1314
       1314
       +
       						"/settings?tab=account&error=verification-failed",

     

       1315
       1315
       +
       						302,

     

       1104
       1316
        
       					);

     

       1105
       1317
        
       				}

     

       1318
       1318
       +
       			},

     

       1319
       1319
       +
       		},

     

       1320
       1320
       +
       		"/api/user/password": {

     

       1321
       1321
       +
       			PUT: async (req) => {

     

       1106
       1322
        
       				try {

     

       1107
       1107
       -
       					await updateUserPassword(user.id, password);

     

       1108
       1108
       -
       					return Response.json({ success: true });

     

       1109
       1109
       -
       				} catch {

     

       1110
       1110
       -
       					return Response.json(

     

       1111
       1111
       -
       						{ error: "Failed to update password" },

     

       1112
       1112
       -
       						{ status: 500 },

     

       1113
       1113
       -
       					);

     

       1323
       1323
       +
       					const user = requireAuth(req);

     

       1324
       1324
       +
       

     

       1325
       1325
       +
       					// Rate limiting

     

       1326
       1326
       +
       					const rateLimitError = enforceRateLimit(req, "update-password", {

     

       1327
       1327
       +
       						ip: { max: 5, windowSeconds: 60 * 60 },

     

       1328
       1328
       +
       					});

     

       1329
       1329
       +
       					if (rateLimitError) return rateLimitError;

     

       1330
       1330
       +
       

     

       1331
       1331
       +
       					const body = await req.json();

     

       1332
       1332
       +
       					const { password } = body;

     

       1333
       1333
       +
       					if (!password) {

     

       1334
       1334
       +
       						return Response.json(

     

       1335
       1335
       +
       							{ error: "Password required" },

     

       1336
       1336
       +
       							{ status: 400 },

     

       1337
       1337
       +
       						);

     

       1338
       1338
       +
       					}

     

       1339
       1339
       +
       					// Validate password format (client-side hashed PBKDF2)

     

       1340
       1340
       +
       					const passwordValidation = validatePasswordHash(password);

     

       1341
       1341
       +
       					if (!passwordValidation.valid) {

     

       1342
       1342
       +
       						return Response.json(

     

       1343
       1343
       +
       							{ error: passwordValidation.error },

     

       1344
       1344
       +
       							{ status: 400 },

     

       1345
       1345
       +
       						);

     

       1346
       1346
       +
       					}

     

       1347
       1347
       +
       					try {

     

       1348
       1348
       +
       						await updateUserPassword(user.id, password);

     

       1349
       1349
       +
       						return Response.json({ success: true });

     

       1350
       1350
       +
       					} catch {

     

       1351
       1351
       +
       						return Response.json(

     

       1352
       1352
       +
       							{ error: "Failed to update password" },

     

       1353
       1353
       +
       							{ status: 500 },

     

       1354
       1354
       +
       						);

     

       1355
       1355
       +
       					}

     

       1356
       1356
       +
       				} catch (err) {

     

       1357
       1357
       +
       					return handleError(err);

     

       1114
       1358
        
       				}

     

       1115
       1359
        
       			},

     

       1116
       1360
        
       		},

     

       1117
       1361
        
       		"/api/user/name": {

     

       1118
       1362
        
       			PUT: async (req) => {

     

       1119
       1119
       -
       				const sessionId = getSessionFromRequest(req);

     

       1120
       1120
       -
       				if (!sessionId) {

     

       1121
       1121
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1122
       1122
       -
       				}

     

       1123
       1123
       -
       				const user = getUserBySession(sessionId);

     

       1124
       1124
       -
       				if (!user) {

     

       1125
       1125
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1126
       1126
       -
       				}

     

       1127
       1127
       -
       				const body = await req.json();

     

       1128
       1128
       -
       				const { name } = body;

     

       1129
       1129
       -
       				if (!name) {

     

       1130
       1130
       -
       					return Response.json({ error: "Name required" }, { status: 400 });

     

       1131
       1131
       -
       				}

     

       1132
       1363
        
       				try {

     

       1133
       1133
       -
       					updateUserName(user.id, name);

     

       1134
       1134
       -
       					return Response.json({ success: true });

     

       1135
       1135
       -
       				} catch {

     

       1136
       1136
       -
       					return Response.json(

     

       1137
       1137
       -
       						{ error: "Failed to update name" },

     

       1138
       1138
       -
       						{ status: 500 },

     

       1139
       1139
       -
       					);

     

       1364
       1364
       +
       					const user = requireAuth(req);

     

       1365
       1365
       +
       

     

       1366
       1366
       +
       					const rateLimitError = enforceRateLimit(req, "update-name", {

     

       1367
       1367
       +
       						ip: { max: 10, windowSeconds: 5 * 60 },

     

       1368
       1368
       +
       					});

     

       1369
       1369
       +
       					if (rateLimitError) return rateLimitError;

     

       1370
       1370
       +
       

     

       1371
       1371
       +
       					const body = await req.json();

     

       1372
       1372
       +
       					const { name } = body;

     

       1373
       1373
       +
       					if (!name) {

     

       1374
       1374
       +
       						return Response.json({ error: "Name required" }, { status: 400 });

     

       1375
       1375
       +
       					}

     

       1376
       1376
       +
       					try {

     

       1377
       1377
       +
       						updateUserName(user.id, name);

     

       1378
       1378
       +
       						return Response.json({ success: true });

     

       1379
       1379
       +
       					} catch {

     

       1380
       1380
       +
       						return Response.json(

     

       1381
       1381
       +
       							{ error: "Failed to update name" },

     

       1382
       1382
       +
       							{ status: 500 },

     

       1383
       1383
       +
       						);

     

       1384
       1384
       +
       					}

     

       1385
       1385
       +
       				} catch (err) {

     

       1386
       1386
       +
       					return handleError(err);

     

       1140
       1387
        
       				}

     

       1141
       1388
        
       			},

     

       1142
       1389
        
       		},

     

       1143
       1390
        
       		"/api/user/avatar": {

     

       1144
       1391
        
       			PUT: async (req) => {

     

       1145
       1145
       -
       				const sessionId = getSessionFromRequest(req);

     

       1146
       1146
       -
       				if (!sessionId) {

     

       1147
       1147
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1148
       1148
       -
       				}

     

       1149
       1149
       -
       				const user = getUserBySession(sessionId);

     

       1150
       1150
       -
       				if (!user) {

     

       1151
       1151
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1152
       1152
       -
       				}

     

       1153
       1153
       -
       				const body = await req.json();

     

       1154
       1154
       -
       				const { avatar } = body;

     

       1155
       1155
       -
       				if (!avatar) {

     

       1156
       1156
       -
       					return Response.json({ error: "Avatar required" }, { status: 400 });

     

       1157
       1157
       -
       				}

     

       1158
       1392
        
       				try {

     

       1159
       1159
       -
       					updateUserAvatar(user.id, avatar);

     

       1160
       1160
       -
       					return Response.json({ success: true });

     

       1161
       1161
       -
       				} catch {

     

       1162
       1162
       -
       					return Response.json(

     

       1163
       1163
       -
       						{ error: "Failed to update avatar" },

     

       1164
       1164
       -
       						{ status: 500 },

     

       1165
       1165
       -
       					);

     

       1393
       1393
       +
       					const user = requireAuth(req);

     

       1394
       1394
       +
       

     

       1395
       1395
       +
       					const rateLimitError = enforceRateLimit(req, "update-avatar", {

     

       1396
       1396
       +
       						ip: { max: 10, windowSeconds: 5 * 60 },

     

       1397
       1397
       +
       					});

     

       1398
       1398
       +
       					if (rateLimitError) return rateLimitError;

     

       1399
       1399
       +
       

     

       1400
       1400
       +
       					const body = await req.json();

     

       1401
       1401
       +
       					const { avatar } = body;

     

       1402
       1402
       +
       					if (!avatar) {

     

       1403
       1403
       +
       						return Response.json({ error: "Avatar required" }, { status: 400 });

     

       1404
       1404
       +
       					}

     

       1405
       1405
       +
       					try {

     

       1406
       1406
       +
       						updateUserAvatar(user.id, avatar);

     

       1407
       1407
       +
       						return Response.json({ success: true });

     

       1408
       1408
       +
       					} catch {

     

       1409
       1409
       +
       						return Response.json(

     

       1410
       1410
       +
       							{ error: "Failed to update avatar" },

     

       1411
       1411
       +
       							{ status: 500 },

     

       1412
       1412
       +
       						);

     

       1413
       1413
       +
       					}

     

       1414
       1414
       +
       				} catch (err) {

     

       1415
       1415
       +
       					return handleError(err);

     

       1166
       1416
        
       				}

     

       1167
       1417
        
       			},

     

       1168
       1418
        
       		},

     

       1169
       1419
        
       		"/api/user/notifications": {

     

       1170
       1420
        
       			PUT: async (req) => {

     

       1171
       1171
       -
       				const sessionId = getSessionFromRequest(req);

     

       1172
       1172
       -
       				if (!sessionId) {

     

       1173
       1173
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1174
       1174
       -
       				}

     

       1175
       1175
       -
       				const user = getUserBySession(sessionId);

     

       1176
       1176
       -
       				if (!user) {

     

       1177
       1177
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1178
       1178
       -
       				}

     

       1179
       1179
       -
       				const body = await req.json();

     

       1180
       1180
       -
       				const { email_notifications_enabled } = body;

     

       1181
       1181
       -
       				if (typeof email_notifications_enabled !== "boolean") {

     

       1182
       1182
       -
       					return Response.json({ error: "email_notifications_enabled must be a boolean" }, { status: 400 });

     

       1183
       1183
       -
       				}

     

       1184
       1421
        
       				try {

     

       1185
       1185
       -
       					db.run("UPDATE users SET email_notifications_enabled = ? WHERE id = ?", [email_notifications_enabled ? 1 : 0, user.id]);

     

       1186
       1186
       -
       					return Response.json({ success: true });

     

       1187
       1187
       -
       				} catch {

     

       1188
       1188
       -
       					return Response.json(

     

       1189
       1189
       -
       						{ error: "Failed to update notification settings" },

     

       1190
       1190
       -
       						{ status: 500 },

     

       1191
       1191
       -
       					);

     

       1192
       1192
       -
       				}

     

       1193
       1193
       -
       			},

     

       1194
       1194
       -
       		},

     

       1195
       1195
       -
       		"/api/billing/checkout": {

     

       1196
       1196
       -
       			POST: async (req) => {

     

       1197
       1197
       -
       				const sessionId = getSessionFromRequest(req);

     

       1198
       1198
       -
       				if (!sessionId) {

     

       1199
       1199
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1200
       1200
       -
       				}

     

       1201
       1201
       -
       				const user = getUserBySession(sessionId);

     

       1202
       1202
       -
       				if (!user) {

     

       1203
       1203
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1204
       1204
       -
       				}

     

       1422
       1422
       +
       					const user = requireAuth(req);

     

       1205
       1423
        
       

     

       1206
       1206
       -
       				try {

     

       1207
       1207
       -
       					const { polar } = await import("./lib/polar");

     

       1424
       1424
       +
       					const rateLimitError = enforceRateLimit(req, "update-notifications", {

     

       1425
       1425
       +
       						ip: { max: 10, windowSeconds: 5 * 60 },

     

       1426
       1426
       +
       					});

     

       1427
       1427
       +
       					if (rateLimitError) return rateLimitError;

     

       1208
       1428
        
       

     

       1209
       1209
       -
       					const productId = process.env.POLAR_PRODUCT_ID;

     

       1210
       1210
       -
       					if (!productId) {

     

       1429
       1429
       +
       					const body = await req.json();

     

       1430
       1430
       +
       					const { email_notifications_enabled } = body;

     

       1431
       1431
       +
       					if (typeof email_notifications_enabled !== "boolean") {

     

       1211
       1432
        
       						return Response.json(

     

       1212
       1212
       -
       							{ error: "Product not configured" },

     

       1213
       1213
       -
       							{ status: 500 },

     

       1433
       1433
       +
       							{ error: "email_notifications_enabled must be a boolean" },

     

       1434
       1434
       +
       							{ status: 400 },

     

       1214
       1435
        
       						);

     

       1215
       1436
        
       					}

     

       1216
       1216
       -
       

     

       1217
       1217
       -
       					const successUrl = process.env.POLAR_SUCCESS_URL;

     

       1218
       1218
       -
       					if (!successUrl) {

     

       1437
       1437
       +
       					try {

     

       1438
       1438
       +
       						db.run(

     

       1439
       1439
       +
       							"UPDATE users SET email_notifications_enabled = ? WHERE id = ?",

     

       1440
       1440
       +
       							[email_notifications_enabled ? 1 : 0, user.id],

     

       1441
       1441
       +
       						);

     

       1442
       1442
       +
       						return Response.json({ success: true });

     

       1443
       1443
       +
       					} catch {

     

       1219
       1444
        
       						return Response.json(

     

       1220
       1220
       -
       							{ error: "Success URL not configured" },

     

       1445
       1445
       +
       							{ error: "Failed to update notification settings" },

     

       1221
       1446
        
       							{ status: 500 },

     

       1222
       1447
        
       						);

     

       1223
       1448
        
       					}

     

       1449
       1449
       +
       				} catch (err) {

     

       1450
       1450
       +
       					return handleError(err);

     

       1451
       1451
       +
       				}

     

       1452
       1452
       +
       			},

     

       1453
       1453
       +
       		},

     

       1454
       1454
       +
       		"/api/billing/checkout": {

     

       1455
       1455
       +
       			POST: async (req) => {

     

       1456
       1456
       +
       				try {

     

       1457
       1457
       +
       					const user = requireAuth(req);

     

       1458
       1458
       +
       

     

       1459
       1459
       +
       					const { polar } = await import("./lib/polar");

     

       1460
       1460
       +
       

     

       1461
       1461
       +
       					// Validated at startup

     

       1462
       1462
       +
       					const productId = process.env.POLAR_PRODUCT_ID as string;

     

       1463
       1463
       +
       					const successUrl =

     

       1464
       1464
       +
       						process.env.POLAR_SUCCESS_URL || "http://localhost:3000";

     

       1224
       1465
        
       

     

       1225
       1466
        
       					const checkout = await polar.checkouts.create({

     

       1226
       1467
        
       						products: [productId],

     
···

       1233
       1474
        
       					});

     

       1234
       1475
        
       

     

       1235
       1476
        
       					return Response.json({ url: checkout.url });

     

       1236
       1236
       -
       				} catch (error) {

     

       1237
       1237
       -
       					console.error("Failed to create checkout:", error);

     

       1238
       1238
       -
       					return Response.json(

     

       1239
       1239
       -
       						{ error: "Failed to create checkout session" },

     

       1240
       1240
       -
       						{ status: 500 },

     

       1241
       1241
       -
       					);

     

       1477
       1477
       +
       				} catch (err) {

     

       1478
       1478
       +
       					return handleError(err);

     

       1242
       1479
        
       				}

     

       1243
       1480
        
       			},

     

       1244
       1481
        
       		},

     

       1245
       1482
        
       		"/api/billing/subscription": {

     

       1246
       1483
        
       			GET: async (req) => {

     

       1247
       1247
       -
       				const sessionId = getSessionFromRequest(req);

     

       1248
       1248
       -
       				if (!sessionId) {

     

       1249
       1249
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1250
       1250
       -
       				}

     

       1251
       1251
       -
       				const user = getUserBySession(sessionId);

     

       1252
       1252
       -
       				if (!user) {

     

       1253
       1253
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1254
       1254
       -
       				}

     

       1255
       1255
       -
       

     

       1256
       1484
        
       				try {

     

       1485
       1485
       +
       					const user = requireAuth(req);

     

       1486
       1486
       +
       

     

       1257
       1487
        
       					// Get subscription from database

     

       1258
       1488
        
       					const subscription = db

     

       1259
       1489
        
       						.query<

     
···

       1276
       1506
        
       					}

     

       1277
       1507
        
       

     

       1278
       1508
        
       					return Response.json({ subscription });

     

       1279
       1279
       -
       				} catch (error) {

     

       1280
       1280
       -
       					console.error("Failed to fetch subscription:", error);

     

       1281
       1281
       -
       					return Response.json(

     

       1282
       1282
       -
       						{ error: "Failed to fetch subscription" },

     

       1283
       1283
       -
       						{ status: 500 },

     

       1284
       1284
       -
       					);

     

       1509
       1509
       +
       				} catch (err) {

     

       1510
       1510
       +
       					return handleError(err);

     

       1285
       1511
        
       				}

     

       1286
       1512
        
       			},

     

       1287
       1513
        
       		},

     

       1288
       1514
        
       		"/api/billing/portal": {

     

       1289
       1515
        
       			POST: async (req) => {

     

       1290
       1290
       -
       				const sessionId = getSessionFromRequest(req);

     

       1291
       1291
       -
       				if (!sessionId) {

     

       1292
       1292
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       1293
       1293
       -
       				}

     

       1294
       1294
       -
       				const user = getUserBySession(sessionId);

     

       1295
       1295
       -
       				if (!user) {

     

       1296
       1296
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       1297
       1297
       -
       				}

     

       1516
       1516
       +
       				try {

     

       1517
       1517
       +
       					const user = requireAuth(req);

     

       1298
       1518
        
       

     

       1299
       1299
       -
       				try {

     

       1300
       1519
        
       					const { polar } = await import("./lib/polar");

     

       1301
       1520
        
       

     

       1302
       1521
        
       					// Get subscription to find customer ID

     
···

       1324
       1543
        
       					});

     

       1325
       1544
        
       

     

       1326
       1545
        
       					return Response.json({ url: session.customerPortalUrl });

     

       1327
       1327
       -
       				} catch (error) {

     

       1328
       1328
       -
       					console.error("Failed to create portal session:", error);

     

       1329
       1329
       -
       					return Response.json(

     

       1330
       1330
       -
       						{ error: "Failed to create portal session" },

     

       1331
       1331
       -
       						{ status: 500 },

     

       1332
       1332
       -
       					);

     

       1546
       1546
       +
       				} catch (err) {

     

       1547
       1547
       +
       					return handleError(err);

     

       1333
       1548
        
       				}

     

       1334
       1549
        
       			},

     

       1335
       1550
        
       		},

     

       1336
       1551
        
       		"/api/webhooks/polar": {

     

       1337
       1552
        
       			POST: async (req) => {

     

       1338
       1338
       -
       				try {

     

       1339
       1339
       -
       					const { validateEvent } = await import("@polar-sh/sdk/webhooks");

     

       1340
       1340
       -
       

     

       1341
       1341
       -
       					// Get raw body as string

     

       1342
       1342
       -
       					const rawBody = await req.text();

     

       1343
       1343
       -
       					const headers = Object.fromEntries(req.headers.entries());

     

       1553
       1553
       +
       				const { validateEvent } = await import("@polar-sh/sdk/webhooks");

     

       1344
       1554
        
       

     

       1345
       1345
       -
       					// Validate webhook signature

     

       1346
       1346
       -
       					const webhookSecret = process.env.POLAR_WEBHOOK_SECRET;

     

       1347
       1347
       -
       					if (!webhookSecret) {

     

       1348
       1348
       -
       						console.error("[Webhook] POLAR_WEBHOOK_SECRET not configured");

     

       1349
       1349
       -
       						return Response.json(

     

       1350
       1350
       -
       							{ error: "Webhook secret not configured" },

     

       1351
       1351
       -
       							{ status: 500 },

     

       1352
       1352
       -
       						);

     

       1353
       1353
       -
       					}

     

       1555
       1555
       +
       				// Get raw body as string

     

       1556
       1556
       +
       				const rawBody = await req.text();

     

       1557
       1557
       +
       				const headers = Object.fromEntries(req.headers.entries());

     

       1354
       1558
        
       

     

       1355
       1355
       -
       					const event = validateEvent(rawBody, headers, webhookSecret);

     

       1559
       1559
       +
       				// Validate webhook signature (validated at startup)

     

       1560
       1560
       +
       				const webhookSecret = process.env.POLAR_WEBHOOK_SECRET as string;

     

       1561
       1561
       +
       				let event: ReturnType<typeof validateEvent>;

     

       1562
       1562
       +
       				try {

     

       1563
       1563
       +
       					event = validateEvent(rawBody, headers, webhookSecret);

     

       1564
       1564
       +
       				} catch (error) {

     

       1565
       1565
       +
       					// Validation failed - log but return generic response

     

       1566
       1566
       +
       					console.error("[Webhook] Signature validation failed:", error);

     

       1567
       1567
       +
       					return Response.json({ error: "Invalid webhook" }, { status: 400 });

     

       1568
       1568
       +
       				}

     

       1356
       1569
        
       

     

       1357
       1357
       -
       					console.log(`[Webhook] Received event: ${event.type}`);

     

       1570
       1570
       +
       				console.log(`[Webhook] Received event: ${event.type}`);

     

       1358
       1571
        
       

     

       1359
       1359
       -
       					// Handle different event types

     

       1572
       1572
       +
       				// Handle different event types

     

       1573
       1573
       +
       				try {

     

       1360
       1574
        
       					switch (event.type) {

     

       1361
       1575
        
       						case "subscription.updated": {

     

       1362
       1576
        
       							const { id, status, customerId, metadata } = event.data;

     
···

       1417
       1631
        
       

     

       1418
       1632
        
       					return Response.json({ received: true });

     

       1419
       1633
        
       				} catch (error) {

     

       1420
       1420
       -
       					console.error("[Webhook] Error processing webhook:", error);

     

       1421
       1421
       -
       					return Response.json(

     

       1422
       1422
       -
       						{ error: "Webhook processing failed" },

     

       1423
       1423
       -
       						{ status: 400 },

     

       1424
       1424
       -
       					);

     

       1634
       1634
       +
       					// Processing failed - log with detail but return generic response

     

       1635
       1635
       +
       					console.error("[Webhook] Event processing failed:", error);

     

       1636
       1636
       +
       					return Response.json({ error: "Invalid webhook" }, { status: 400 });

     

       1425
       1637
        
       				}

     

       1426
       1638
        
       			},

     

       1427
       1639
        
       		},

     
···

       1432
       1644
        
       					const transcriptionId = req.params.id;

     

       1433
       1645
        
       					// Verify ownership

     

       1434
       1646
        
       					const transcription = db

     

       1435
       1435
       -
       						.query<{ id: string; user_id: number; class_id: string | null; status: string }, [string]>(

     

       1647
       1647
       +
       						.query<

     

       1648
       1648
       +
       							{

     

       1649
       1649
       +
       								id: string;

     

       1650
       1650
       +
       								user_id: number;

     

       1651
       1651
       +
       								class_id: string | null;

     

       1652
       1652
       +
       								status: string;

     

       1653
       1653
       +
       							},

     

       1654
       1654
       +
       							[string]

     

       1655
       1655
       +
       						>(

     

       1436
       1656
        
       							"SELECT id, user_id, class_id, status FROM transcriptions WHERE id = ?",

     

       1437
       1657
        
       						)

     

       1438
       1658
        
       						.get(transcriptionId);

     

       1439
       1439
       -
       					

     

       1659
       1659
       +
       

     

       1440
       1660
        
       					if (!transcription) {

     

       1441
       1661
        
       						return Response.json(

     

       1442
       1662
        
       							{ error: "Transcription not found" },

     
···

       1451
       1671
        
       

     

       1452
       1672
        
       					// If transcription belongs to a class, check enrollment

     

       1453
       1673
        
       					if (transcription.class_id) {

     

       1454
       1454
       -
       						isClassMember = isUserEnrolledInClass(user.id, transcription.class_id);

     

       1674
       1674
       +
       						isClassMember = isUserEnrolledInClass(

     

       1675
       1675
       +
       							user.id,

     

       1676
       1676
       +
       							transcription.class_id,

     

       1677
       1677
       +
       						);

     

       1455
       1678
        
       					}

     

       1456
       1679
        
       

     

       1457
       1680
        
       					// Allow access if: owner, admin, or enrolled in the class

     

       1458
       1681
        
       					if (!isOwner && !isAdmin && !isClassMember) {

     

       1459
       1459
       -
       						return Response.json(

     

       1460
       1460
       -
       							{ error: "Transcription not found" },

     

       1461
       1461
       -
       							{ status: 404 },

     

       1462
       1462
       -
       						);

     

       1682
       1682
       +
       						return Response.json({ error: "Forbidden" }, { status: 403 });

     

       1463
       1683
        
       					}

     

       1464
       1684
        
       

     

       1465
       1685
        
       					// Require subscription only if accessing own transcription (not class)

     

       1466
       1466
       -
       					if (isOwner && !transcription.class_id && !isAdmin && !hasActiveSubscription(user.id)) {

     

       1686
       1686
       +
       					if (

     

       1687
       1687
       +
       						isOwner &&

     

       1688
       1688
       +
       						!transcription.class_id &&

     

       1689
       1689
       +
       						!isAdmin &&

     

       1690
       1690
       +
       						!hasActiveSubscription(user.id)

     

       1691
       1691
       +
       					) {

     

       1467
       1692
        
       						throw AuthErrors.subscriptionRequired();

     

       1468
       1693
        
       					}

     

       1469
       1694
        
       					// Event-driven SSE stream with reconnection support

     

       1470
       1695
        
       					const stream = new ReadableStream({

     

       1471
       1696
        
       						async start(controller) {

     

       1697
       1697
       +
       							// Track this stream for graceful shutdown

     

       1698
       1698
       +
       							activeSSEStreams.add(controller);

     

       1699
       1699
       +
       

     

       1472
       1700
        
       							const encoder = new TextEncoder();

     

       1473
       1701
        
       							let isClosed = false;

     

       1474
       1702
        
       							let lastEventId = Math.floor(Date.now() / 1000);

     
···

       1519
       1747
        
       								current?.status === "failed"

     

       1520
       1748
        
       							) {

     

       1521
       1749
        
       								isClosed = true;

     

       1750
       1750
       +
       								activeSSEStreams.delete(controller);

     

       1522
       1751
        
       								controller.close();

     

       1523
       1752
        
       								return;

     

       1524
       1753
        
       							}

     
···

       1549
       1778
        
       									isClosed = true;

     

       1550
       1779
        
       									clearInterval(heartbeatInterval);

     

       1551
       1780
        
       									transcriptionEvents.off(transcriptionId, updateHandler);

     

       1781
       1781
       +
       									activeSSEStreams.delete(controller);

     

       1552
       1782
        
       									controller.close();

     

       1553
       1783
        
       								}

     

       1554
       1784
        
       							};

     
···

       1558
       1788
        
       								isClosed = true;

     

       1559
       1789
        
       								clearInterval(heartbeatInterval);

     

       1560
       1790
        
       								transcriptionEvents.off(transcriptionId, updateHandler);

     

       1791
       1791
       +
       								activeSSEStreams.delete(controller);

     

       1561
       1792
        
       							};

     

       1562
       1793
        
       						},

     

       1563
       1794
        
       					});

     
···

       1573
       1804
        
       				}

     

       1574
       1805
        
       			},

     

       1575
       1806
        
       		},

     

       1576
       1576
       -
       		"/api/transcriptions/health": {

     

       1807
       1807
       +
       		"/api/health": {

     

       1577
       1808
        
       			GET: async () => {

     

       1578
       1578
       -
       				const isHealthy = await whisperService.checkHealth();

     

       1579
       1579
       -
       				return Response.json({ available: isHealthy });

     

       1809
       1809
       +
       				const health = {

     

       1810
       1810
       +
       					status: "healthy",

     

       1811
       1811
       +
       					timestamp: new Date().toISOString(),

     

       1812
       1812
       +
       					services: {

     

       1813
       1813
       +
       						database: false,

     

       1814
       1814
       +
       						whisper: false,

     

       1815
       1815
       +
       						storage: false,

     

       1816
       1816
       +
       					},

     

       1817
       1817
       +
       					details: {} as Record<string, unknown>,

     

       1818
       1818
       +
       				};

     

       1819
       1819
       +
       

     

       1820
       1820
       +
       				// Check database

     

       1821
       1821
       +
       				try {

     

       1822
       1822
       +
       					db.query("SELECT 1").get();

     

       1823
       1823
       +
       					health.services.database = true;

     

       1824
       1824
       +
       				} catch (error) {

     

       1825
       1825
       +
       					health.status = "unhealthy";

     

       1826
       1826
       +
       					health.details.databaseError =

     

       1827
       1827
       +
       						error instanceof Error ? error.message : String(error);

     

       1828
       1828
       +
       				}

     

       1829
       1829
       +
       

     

       1830
       1830
       +
       				// Check Whisper service

     

       1831
       1831
       +
       				try {

     

       1832
       1832
       +
       					const whisperHealthy = await whisperService.checkHealth();

     

       1833
       1833
       +
       					health.services.whisper = whisperHealthy;

     

       1834
       1834
       +
       					if (!whisperHealthy) {

     

       1835
       1835
       +
       						health.status = "degraded";

     

       1836
       1836
       +
       						health.details.whisperNote = "Whisper service unavailable";

     

       1837
       1837
       +
       					}

     

       1838
       1838
       +
       				} catch (error) {

     

       1839
       1839
       +
       					health.status = "degraded";

     

       1840
       1840
       +
       					health.details.whisperError =

     

       1841
       1841
       +
       						error instanceof Error ? error.message : String(error);

     

       1842
       1842
       +
       				}

     

       1843
       1843
       +
       

     

       1844
       1844
       +
       				// Check storage (uploads and transcripts directories)

     

       1845
       1845
       +
       				try {

     

       1846
       1846
       +
       					const fs = await import("node:fs/promises");

     

       1847
       1847
       +
       					const uploadsExists = await fs

     

       1848
       1848
       +
       						.access("./uploads")

     

       1849
       1849
       +
       						.then(() => true)

     

       1850
       1850
       +
       						.catch(() => false);

     

       1851
       1851
       +
       					const transcriptsExists = await fs

     

       1852
       1852
       +
       						.access("./transcripts")

     

       1853
       1853
       +
       						.then(() => true)

     

       1854
       1854
       +
       						.catch(() => false);

     

       1855
       1855
       +
       					health.services.storage = uploadsExists && transcriptsExists;

     

       1856
       1856
       +
       					if (!health.services.storage) {

     

       1857
       1857
       +
       						health.status = "unhealthy";

     

       1858
       1858
       +
       						health.details.storageNote = `Missing directories: ${[

     

       1859
       1859
       +
       							!uploadsExists && "uploads",

     

       1860
       1860
       +
       							!transcriptsExists && "transcripts",

     

       1861
       1861
       +
       						]

     

       1862
       1862
       +
       							.filter(Boolean)

     

       1863
       1863
       +
       							.join(", ")}`;

     

       1864
       1864
       +
       					}

     

       1865
       1865
       +
       				} catch (error) {

     

       1866
       1866
       +
       					health.status = "unhealthy";

     

       1867
       1867
       +
       					health.details.storageError =

     

       1868
       1868
       +
       						error instanceof Error ? error.message : String(error);

     

       1869
       1869
       +
       				}

     

       1870
       1870
       +
       

     

       1871
       1871
       +
       				const statusCode = health.status === "healthy" ? 200 : 503;

     

       1872
       1872
       +
       				return Response.json(health, { status: statusCode });

     

       1580
       1873
        
       			},

     

       1581
       1874
        
       		},

     

       1582
       1875
        
       		"/api/transcriptions/:id": {

     
···

       1618
       1911
        
       

     

       1619
       1912
        
       					// If transcription belongs to a class, check enrollment

     

       1620
       1913
        
       					if (transcription.class_id) {

     

       1621
       1621
       -
       						isClassMember = isUserEnrolledInClass(user.id, transcription.class_id);

     

       1914
       1914
       +
       						isClassMember = isUserEnrolledInClass(

     

       1915
       1915
       +
       							user.id,

     

       1916
       1916
       +
       							transcription.class_id,

     

       1917
       1917
       +
       						);

     

       1622
       1918
        
       					}

     

       1623
       1919
        
       

     

       1624
       1920
        
       					// Allow access if: owner, admin, or enrolled in the class

     

       1625
       1921
        
       					if (!isOwner && !isAdmin && !isClassMember) {

     

       1626
       1626
       -
       						return Response.json(

     

       1627
       1627
       -
       							{ error: "Transcription not found" },

     

       1628
       1628
       -
       							{ status: 404 },

     

       1629
       1629
       -
       						);

     

       1922
       1922
       +
       						return Response.json({ error: "Forbidden" }, { status: 403 });

     

       1630
       1923
        
       					}

     

       1631
       1924
        
       

     

       1632
       1925
        
       					// Require subscription only if accessing own transcription (not class)

     

       1633
       1633
       -
       					if (isOwner && !transcription.class_id && !isAdmin && !hasActiveSubscription(user.id)) {

     

       1926
       1926
       +
       					if (

     

       1927
       1927
       +
       						isOwner &&

     

       1928
       1928
       +
       						!transcription.class_id &&

     

       1929
       1929
       +
       						!isAdmin &&

     

       1930
       1930
       +
       						!hasActiveSubscription(user.id)

     

       1931
       1931
       +
       					) {

     

       1634
       1932
        
       						throw AuthErrors.subscriptionRequired();

     

       1635
       1933
        
       					}

     

       1636
       1934
        
       

     

       1637
       1935
        
       					if (transcription.status !== "completed") {

     

       1638
       1936
        
       						return Response.json(

     

       1639
       1937
        
       							{ error: "Transcription not completed yet" },

     

       1640
       1640
       -
       							{ status: 400 },

     

       1938
       1938
       +
       							{ status: 409 },

     

       1641
       1939
        
       						);

     

       1642
       1940
        
       					}

     

       1643
       1941
        
       

     
···

       1718
       2016
        
       

     

       1719
       2017
        
       					// If transcription belongs to a class, check enrollment

     

       1720
       2018
        
       					if (transcription.class_id) {

     

       1721
       1721
       -
       						isClassMember = isUserEnrolledInClass(user.id, transcription.class_id);

     

       2019
       2019
       +
       						isClassMember = isUserEnrolledInClass(

     

       2020
       2020
       +
       							user.id,

     

       2021
       2021
       +
       							transcription.class_id,

     

       2022
       2022
       +
       						);

     

       1722
       2023
        
       					}

     

       1723
       2024
        
       

     

       1724
       2025
        
       					// Allow access if: owner, admin, or enrolled in the class

     

       1725
       2026
        
       					if (!isOwner && !isAdmin && !isClassMember) {

     

       1726
       1726
       -
       						return Response.json(

     

       1727
       1727
       -
       							{ error: "Transcription not found" },

     

       1728
       1728
       -
       							{ status: 404 },

     

       1729
       1729
       -
       						);

     

       2027
       2027
       +
       						return Response.json({ error: "Forbidden" }, { status: 403 });

     

       1730
       2028
        
       					}

     

       1731
       2029
        
       

     

       1732
       2030
        
       					// Require subscription only if accessing own transcription (not class)

     

       1733
       1733
       -
       					if (isOwner && !transcription.class_id && !isAdmin && !hasActiveSubscription(user.id)) {

     

       2031
       2031
       +
       					if (

     

       2032
       2032
       +
       						isOwner &&

     

       2033
       2033
       +
       						!transcription.class_id &&

     

       2034
       2034
       +
       						!isAdmin &&

     

       2035
       2035
       +
       						!hasActiveSubscription(user.id)

     

       2036
       2036
       +
       					) {

     

       1734
       2037
        
       						throw AuthErrors.subscriptionRequired();

     

       1735
       2038
        
       					}

     

       1736
       2039
        
       

     
···

       1793
       2096
        
       				}

     

       1794
       2097
        
       			},

     

       1795
       2098
        
       		},

     

       1796
       1796
       -
       		"/api/transcriptions": {

     

       2099
       2099
       +
       		"/api/transcriptions/detect-meeting-time": {

     

       2100
       2100
       +
       			POST: async (req) => {

     

       2101
       2101
       +
       				try {

     

       2102
       2102
       +
       					const user = requireAuth(req);

     

       2103
       2103
       +
       

     

       2104
       2104
       +
       					const formData = await req.formData();

     

       2105
       2105
       +
       					const file = formData.get("audio") as File;

     

       2106
       2106
       +
       					const classId = formData.get("class_id") as string | null;

     

       2107
       2107
       +
       					const fileTimestampStr = formData.get("file_timestamp") as

     

       2108
       2108
       +
       						| string

     

       2109
       2109
       +
       						| null;

     

       2110
       2110
       +
       

     

       2111
       2111
       +
       					if (!file) throw ValidationErrors.missingField("audio");

     

       2112
       2112
       +
       					if (!classId) throw ValidationErrors.missingField("class_id");

     

       2113
       2113
       +
       

     

       2114
       2114
       +
       					// Verify user is enrolled in the class

     

       2115
       2115
       +
       					const enrolled = isUserEnrolledInClass(user.id, classId);

     

       2116
       2116
       +
       					if (!enrolled && user.role !== "admin") {

     

       2117
       2117
       +
       						return Response.json(

     

       2118
       2118
       +
       							{ error: "Not enrolled in this class" },

     

       2119
       2119
       +
       							{ status: 403 },

     

       2120
       2120
       +
       						);

     

       2121
       2121
       +
       					}

     

       2122
       2122
       +
       

     

       2123
       2123
       +
       					let creationDate: Date | null = null;

     

       2124
       2124
       +
       

     

       2125
       2125
       +
       					// Use client-provided timestamp (from File.lastModified)

     

       2126
       2126
       +
       					if (fileTimestampStr) {

     

       2127
       2127
       +
       						const timestamp = Number.parseInt(fileTimestampStr, 10);

     

       2128
       2128
       +
       						if (!Number.isNaN(timestamp)) {

     

       2129
       2129
       +
       							creationDate = new Date(timestamp);

     

       2130
       2130
       +
       							console.log(

     

       2131
       2131
       +
       								`[Upload] Using file timestamp: ${creationDate.toISOString()}`,

     

       2132
       2132
       +
       							);

     

       2133
       2133
       +
       						}

     

       2134
       2134
       +
       					}

     

       2135
       2135
       +
       

     

       2136
       2136
       +
       					if (!creationDate) {

     

       2137
       2137
       +
       						return Response.json({

     

       2138
       2138
       +
       							detected: false,

     

       2139
       2139
       +
       							meeting_time_id: null,

     

       2140
       2140
       +
       							message: "Could not extract creation date from file",

     

       2141
       2141
       +
       						});

     

       2142
       2142
       +
       					}

     

       2143
       2143
       +
       

     

       2144
       2144
       +
       					// Get meeting times for this class

     

       2145
       2145
       +
       					const meetingTimes = getMeetingTimesForClass(classId);

     

       2146
       2146
       +
       

     

       2147
       2147
       +
       					if (meetingTimes.length === 0) {

     

       2148
       2148
       +
       						return Response.json({

     

       2149
       2149
       +
       							detected: false,

     

       2150
       2150
       +
       							meeting_time_id: null,

     

       2151
       2151
       +
       							message: "No meeting times configured for this class",

     

       2152
       2152
       +
       						});

     

       2153
       2153
       +
       					}

     

       2154
       2154
       +
       

     

       2155
       2155
       +
       					// Find matching meeting time based on day of week

     

       2156
       2156
       +
       					const matchedId = findMatchingMeetingTime(

     

       2157
       2157
       +
       						creationDate,

     

       2158
       2158
       +
       						meetingTimes,

     

       2159
       2159
       +
       					);

     

       2160
       2160
       +
       

     

       2161
       2161
       +
       					if (matchedId) {

     

       2162
       2162
       +
       						const dayName = getDayName(creationDate);

     

       2163
       2163
       +
       						return Response.json({

     

       2164
       2164
       +
       							detected: true,

     

       2165
       2165
       +
       							meeting_time_id: matchedId,

     

       2166
       2166
       +
       							day: dayName,

     

       2167
       2167
       +
       							date: creationDate.toISOString(),

     

       2168
       2168
       +
       						});

     

       2169
       2169
       +
       					}

     

       2170
       2170
       +
       

     

       2171
       2171
       +
       					const dayName = getDayName(creationDate);

     

       2172
       2172
       +
       					return Response.json({

     

       2173
       2173
       +
       						detected: false,

     

       2174
       2174
       +
       						meeting_time_id: null,

     

       2175
       2175
       +
       						day: dayName,

     

       2176
       2176
       +
       						date: creationDate.toISOString(),

     

       2177
       2177
       +
       						message: `No meeting time matches ${dayName}`,

     

       2178
       2178
       +
       					});

     

       2179
       2179
       +
       				} catch (error) {

     

       2180
       2180
       +
       					return handleError(error);

     

       2181
       2181
       +
       				}

     

       2182
       2182
       +
       			},

     

       2183
       2183
       +
       		},

     

       2184
       2184
       +
       		"/api/transcriptions/:id/meeting-time": {

     

       2185
       2185
       +
       			PATCH: async (req) => {

     

       2186
       2186
       +
       				try {

     

       2187
       2187
       +
       					const user = requireAuth(req);

     

       2188
       2188
       +
       					const transcriptionId = req.params.id;

     

       2189
       2189
       +
       

     

       2190
       2190
       +
       					const body = await req.json();

     

       2191
       2191
       +
       					const meetingTimeId = body.meeting_time_id;

     

       2192
       2192
       +
       					const sectionId = body.section_id;

     

       2193
       2193
       +
       

     

       2194
       2194
       +
       					if (!meetingTimeId) {

     

       2195
       2195
       +
       						return Response.json(

     

       2196
       2196
       +
       							{ error: "meeting_time_id required" },

     

       2197
       2197
       +
       							{ status: 400 },

     

       2198
       2198
       +
       						);

     

       2199
       2199
       +
       					}

     

       2200
       2200
       +
       

     

       2201
       2201
       +
       					// Verify transcription ownership

     

       2202
       2202
       +
       					const transcription = db

     

       2203
       2203
       +
       						.query<

     

       2204
       2204
       +
       							{ id: string; user_id: number; class_id: string | null },

     

       2205
       2205
       +
       							[string]

     

       2206
       2206
       +
       						>("SELECT id, user_id, class_id FROM transcriptions WHERE id = ?")

     

       2207
       2207
       +
       						.get(transcriptionId);

     

       2208
       2208
       +
       

     

       2209
       2209
       +
       					if (!transcription) {

     

       2210
       2210
       +
       						return Response.json(

     

       2211
       2211
       +
       							{ error: "Transcription not found" },

     

       2212
       2212
       +
       							{ status: 404 },

     

       2213
       2213
       +
       						);

     

       2214
       2214
       +
       					}

     

       2215
       2215
       +
       

     

       2216
       2216
       +
       					if (transcription.user_id !== user.id && user.role !== "admin") {

     

       2217
       2217
       +
       						return Response.json({ error: "Forbidden" }, { status: 403 });

     

       2218
       2218
       +
       					}

     

       2219
       2219
       +
       

     

       2220
       2220
       +
       					// Verify meeting time belongs to the class

     

       2221
       2221
       +
       					if (transcription.class_id) {

     

       2222
       2222
       +
       						const meetingTime = db

     

       2223
       2223
       +
       							.query<{ id: string }, [string, string]>(

     

       2224
       2224
       +
       								"SELECT id FROM meeting_times WHERE id = ? AND class_id = ?",

     

       2225
       2225
       +
       							)

     

       2226
       2226
       +
       							.get(meetingTimeId, transcription.class_id);

     

       2227
       2227
       +
       

     

       2228
       2228
       +
       						if (!meetingTime) {

     

       2229
       2229
       +
       							return Response.json(

     

       2230
       2230
       +
       								{

     

       2231
       2231
       +
       									error:

     

       2232
       2232
       +
       										"Meeting time does not belong to the class for this transcription",

     

       2233
       2233
       +
       								},

     

       2234
       2234
       +
       								{ status: 400 },

     

       2235
       2235
       +
       							);

     

       2236
       2236
       +
       						}

     

       2237
       2237
       +
       					}

     

       2238
       2238
       +
       

     

       2239
       2239
       +
       					// Update meeting time and optionally section_id

     

       2240
       2240
       +
       					if (sectionId !== undefined) {

     

       2241
       2241
       +
       						db.run(

     

       2242
       2242
       +
       							"UPDATE transcriptions SET meeting_time_id = ?, section_id = ? WHERE id = ?",

     

       2243
       2243
       +
       							[meetingTimeId, sectionId, transcriptionId],

     

       2244
       2244
       +
       						);

     

       2245
       2245
       +
       					} else {

     

       2246
       2246
       +
       						db.run(

     

       2247
       2247
       +
       							"UPDATE transcriptions SET meeting_time_id = ? WHERE id = ?",

     

       2248
       2248
       +
       							[meetingTimeId, transcriptionId],

     

       2249
       2249
       +
       						);

     

       2250
       2250
       +
       					}

     

       2251
       2251
       +
       

     

       2252
       2252
       +
       					return Response.json({

     

       2253
       2253
       +
       						success: true,

     

       2254
       2254
       +
       						message: "Meeting time updated successfully",

     

       2255
       2255
       +
       					});

     

       2256
       2256
       +
       				} catch (error) {

     

       2257
       2257
       +
       					return handleError(error);

     

       2258
       2258
       +
       				}

     

       2259
       2259
       +
       			},

     

       2260
       2260
       +
       		},

     

       2261
       2261
       +
       		"/api/classes/:classId/meetings/:meetingTimeId/recordings": {

     

       1797
       2262
        
       			GET: async (req) => {

     

       1798
       2263
        
       				try {

     

       1799
       1799
       -
       					const user = requireSubscription(req);

     

       2264
       2264
       +
       					const user = requireAuth(req);

     

       2265
       2265
       +
       					const classId = req.params.classId;

     

       2266
       2266
       +
       					const meetingTimeId = req.params.meetingTimeId;

     

       1800
       2267
        
       

     

       1801
       1801
       -
       					const transcriptions = db

     

       2268
       2268
       +
       					// Verify user is enrolled in the class

     

       2269
       2269
       +
       					const enrolled = isUserEnrolledInClass(user.id, classId);

     

       2270
       2270
       +
       					if (!enrolled && user.role !== "admin") {

     

       2271
       2271
       +
       						return Response.json(

     

       2272
       2272
       +
       							{ error: "Not enrolled in this class" },

     

       2273
       2273
       +
       							{ status: 403 },

     

       2274
       2274
       +
       						);

     

       2275
       2275
       +
       					}

     

       2276
       2276
       +
       

     

       2277
       2277
       +
       					// Get section filter from query params or use user's section

     

       2278
       2278
       +
       					const url = new URL(req.url);

     

       2279
       2279
       +
       					const sectionParam = url.searchParams.get("section_id");

     

       2280
       2280
       +
       					const sectionFilter =

     

       2281
       2281
       +
       						sectionParam !== null

     

       2282
       2282
       +
       							? sectionParam || null // empty string becomes null

     

       2283
       2283
       +
       							: user.role === "admin"

     

       2284
       2284
       +
       								? null

     

       2285
       2285
       +
       								: getUserSection(user.id, classId);

     

       2286
       2286
       +
       

     

       2287
       2287
       +
       					const recordings = getPendingRecordings(

     

       2288
       2288
       +
       						classId,

     

       2289
       2289
       +
       						meetingTimeId,

     

       2290
       2290
       +
       						sectionFilter,

     

       2291
       2291
       +
       					);

     

       2292
       2292
       +
       					const totalUsers = getEnrolledUserCount(classId);

     

       2293
       2293
       +
       					const userVote = getUserVoteForMeeting(

     

       2294
       2294
       +
       						user.id,

     

       2295
       2295
       +
       						classId,

     

       2296
       2296
       +
       						meetingTimeId,

     

       2297
       2297
       +
       					);

     

       2298
       2298
       +
       

     

       2299
       2299
       +
       					// Check if any recording should be auto-submitted

     

       2300
       2300
       +
       					const winningId = checkAutoSubmit(

     

       2301
       2301
       +
       						classId,

     

       2302
       2302
       +
       						meetingTimeId,

     

       2303
       2303
       +
       						sectionFilter,

     

       2304
       2304
       +
       					);

     

       2305
       2305
       +
       

     

       2306
       2306
       +
       					return Response.json({

     

       2307
       2307
       +
       						recordings,

     

       2308
       2308
       +
       						total_users: totalUsers,

     

       2309
       2309
       +
       						user_vote: userVote,

     

       2310
       2310
       +
       						vote_threshold: Math.ceil(totalUsers * 0.4),

     

       2311
       2311
       +
       						winning_recording_id: winningId,

     

       2312
       2312
       +
       					});

     

       2313
       2313
       +
       				} catch (error) {

     

       2314
       2314
       +
       					return handleError(error);

     

       2315
       2315
       +
       				}

     

       2316
       2316
       +
       			},

     

       2317
       2317
       +
       		},

     

       2318
       2318
       +
       		"/api/recordings/:id/vote": {

     

       2319
       2319
       +
       			POST: async (req) => {

     

       2320
       2320
       +
       				try {

     

       2321
       2321
       +
       					const user = requireAuth(req);

     

       2322
       2322
       +
       					const recordingId = req.params.id;

     

       2323
       2323
       +
       

     

       2324
       2324
       +
       					// Verify user is enrolled in the recording's class

     

       2325
       2325
       +
       					const recording = db

     

       1802
       2326
        
       						.query<

     

       1803
       1803
       -
       							{

     

       1804
       1804
       -
       								id: string;

     

       1805
       1805
       -
       								filename: string;

     

       1806
       1806
       -
       								original_filename: string;

     

       1807
       1807
       -
       								class_id: string | null;

     

       1808
       1808
       -
       								status: string;

     

       1809
       1809
       -
       								progress: number;

     

       1810
       1810
       -
       								created_at: number;

     

       1811
       1811
       -
       							},

     

       1812
       1812
       -
       							[number]

     

       2327
       2327
       +
       							{ class_id: string; meeting_time_id: string; status: string },

     

       2328
       2328
       +
       							[string]

     

       1813
       2329
        
       						>(

     

       1814
       1814
       -
       							"SELECT id, filename, original_filename, class_id, status, progress, created_at FROM transcriptions WHERE user_id = ? ORDER BY created_at DESC",

     

       2330
       2330
       +
       							"SELECT class_id, meeting_time_id, status FROM transcriptions WHERE id = ?",

     

       1815
       2331
        
       						)

     

       1816
       1816
       -
       						.all(user.id);

     

       2332
       2332
       +
       						.get(recordingId);

     

       2333
       2333
       +
       

     

       2334
       2334
       +
       					if (!recording) {

     

       2335
       2335
       +
       						return Response.json(

     

       2336
       2336
       +
       							{ error: "Recording not found" },

     

       2337
       2337
       +
       							{ status: 404 },

     

       2338
       2338
       +
       						);

     

       2339
       2339
       +
       					}

     

       2340
       2340
       +
       

     

       2341
       2341
       +
       					if (recording.status !== "pending") {

     

       2342
       2342
       +
       						return Response.json(

     

       2343
       2343
       +
       							{ error: "Can only vote on pending recordings" },

     

       2344
       2344
       +
       							{ status: 400 },

     

       2345
       2345
       +
       						);

     

       2346
       2346
       +
       					}

     

       2347
       2347
       +
       

     

       2348
       2348
       +
       					const enrolled = isUserEnrolledInClass(user.id, recording.class_id);

     

       2349
       2349
       +
       					if (!enrolled && user.role !== "admin") {

     

       2350
       2350
       +
       						return Response.json(

     

       2351
       2351
       +
       							{ error: "Not enrolled in this class" },

     

       2352
       2352
       +
       							{ status: 403 },

     

       2353
       2353
       +
       						);

     

       2354
       2354
       +
       					}

     

       2355
       2355
       +
       

     

       2356
       2356
       +
       					// Remove existing vote for this meeting time

     

       2357
       2357
       +
       					const existingVote = getUserVoteForMeeting(

     

       2358
       2358
       +
       						user.id,

     

       2359
       2359
       +
       						recording.class_id,

     

       2360
       2360
       +
       						recording.meeting_time_id,

     

       2361
       2361
       +
       					);

     

       2362
       2362
       +
       					if (existingVote) {

     

       2363
       2363
       +
       						removeVote(existingVote, user.id);

     

       2364
       2364
       +
       					}

     

       2365
       2365
       +
       

     

       2366
       2366
       +
       					// Add new vote

     

       2367
       2367
       +
       					const success = voteForRecording(recordingId, user.id);

     

       2368
       2368
       +
       

     

       2369
       2369
       +
       					// Get user's section for auto-submit check

     

       2370
       2370
       +
       					const userSection =

     

       2371
       2371
       +
       						user.role === "admin"

     

       2372
       2372
       +
       							? null

     

       2373
       2373
       +
       							: getUserSection(user.id, recording.class_id);

     

       2374
       2374
       +
       

     

       2375
       2375
       +
       					// Check if auto-submit threshold reached

     

       2376
       2376
       +
       					const winningId = checkAutoSubmit(

     

       2377
       2377
       +
       						recording.class_id,

     

       2378
       2378
       +
       						recording.meeting_time_id,

     

       2379
       2379
       +
       						userSection,

     

       2380
       2380
       +
       					);

     

       2381
       2381
       +
       					if (winningId) {

     

       2382
       2382
       +
       						markAsAutoSubmitted(winningId);

     

       2383
       2383
       +
       						// Start transcription

     

       2384
       2384
       +
       						const winningRecording = db

     

       2385
       2385
       +
       							.query<{ filename: string }, [string]>(

     

       2386
       2386
       +
       								"SELECT filename FROM transcriptions WHERE id = ?",

     

       2387
       2387
       +
       							)

     

       2388
       2388
       +
       							.get(winningId);

     

       2389
       2389
       +
       						if (winningRecording) {

     

       2390
       2390
       +
       							whisperService.startTranscription(

     

       2391
       2391
       +
       								winningId,

     

       2392
       2392
       +
       								winningRecording.filename,

     

       2393
       2393
       +
       							);

     

       2394
       2394
       +
       						}

     

       2395
       2395
       +
       					}

     

       2396
       2396
       +
       

     

       2397
       2397
       +
       					return Response.json({

     

       2398
       2398
       +
       						success,

     

       2399
       2399
       +
       						winning_recording_id: winningId,

     

       2400
       2400
       +
       					});

     

       2401
       2401
       +
       				} catch (error) {

     

       2402
       2402
       +
       					return handleError(error);

     

       2403
       2403
       +
       				}

     

       2404
       2404
       +
       			},

     

       2405
       2405
       +
       		},

     

       2406
       2406
       +
       		"/api/recordings/:id": {

     

       2407
       2407
       +
       			DELETE: async (req) => {

     

       2408
       2408
       +
       				try {

     

       2409
       2409
       +
       					const user = requireAuth(req);

     

       2410
       2410
       +
       					const recordingId = req.params.id;

     

       2411
       2411
       +
       

     

       2412
       2412
       +
       					const success = deletePendingRecording(

     

       2413
       2413
       +
       						recordingId,

     

       2414
       2414
       +
       						user.id,

     

       2415
       2415
       +
       						user.role === "admin",

     

       2416
       2416
       +
       					);

     

       2417
       2417
       +
       

     

       2418
       2418
       +
       					if (!success) {

     

       2419
       2419
       +
       						return Response.json(

     

       2420
       2420
       +
       							{ error: "Cannot delete this recording" },

     

       2421
       2421
       +
       							{ status: 403 },

     

       2422
       2422
       +
       						);

     

       2423
       2423
       +
       					}

     

       2424
       2424
       +
       

     

       2425
       2425
       +
       					return new Response(null, { status: 204 });

     

       2426
       2426
       +
       				} catch (error) {

     

       2427
       2427
       +
       					return handleError(error);

     

       2428
       2428
       +
       				}

     

       2429
       2429
       +
       			},

     

       2430
       2430
       +
       		},

     

       2431
       2431
       +
       		"/api/transcriptions": {

     

       2432
       2432
       +
       			GET: async (req) => {

     

       2433
       2433
       +
       				try {

     

       2434
       2434
       +
       					const user = requireSubscription(req);

     

       2435
       2435
       +
       					const url = new URL(req.url);

     

       2436
       2436
       +
       

     

       2437
       2437
       +
       					// Parse pagination params

     

       2438
       2438
       +
       					const limit = Math.min(

     

       2439
       2439
       +
       						Number.parseInt(url.searchParams.get("limit") || "50", 10),

     

       2440
       2440
       +
       						100,

     

       2441
       2441
       +
       					);

     

       2442
       2442
       +
       					const cursorParam = url.searchParams.get("cursor");

     

       2443
       2443
       +
       

     

       2444
       2444
       +
       					let transcriptions: Array<{

     

       2445
       2445
       +
       						id: string;

     

       2446
       2446
       +
       						filename: string;

     

       2447
       2447
       +
       						original_filename: string;

     

       2448
       2448
       +
       						class_id: string | null;

     

       2449
       2449
       +
       						status: string;

     

       2450
       2450
       +
       						progress: number;

     

       2451
       2451
       +
       						created_at: number;

     

       2452
       2452
       +
       					}>;

     

       2453
       2453
       +
       

     

       2454
       2454
       +
       					if (cursorParam) {

     

       2455
       2455
       +
       						// Decode cursor

     

       2456
       2456
       +
       						const { decodeCursor } = await import("./lib/cursor");

     

       2457
       2457
       +
       						const parts = decodeCursor(cursorParam);

     

       2458
       2458
       +
       

     

       2459
       2459
       +
       						if (parts.length !== 2) {

     

       2460
       2460
       +
       							return Response.json(

     

       2461
       2461
       +
       								{ error: "Invalid cursor format" },

     

       2462
       2462
       +
       								{ status: 400 },

     

       2463
       2463
       +
       							);

     

       2464
       2464
       +
       						}

     

       2465
       2465
       +
       

     

       2466
       2466
       +
       						const cursorTime = Number.parseInt(parts[0] || "", 10);

     

       2467
       2467
       +
       						const id = parts[1] || "";

     

       2468
       2468
       +
       

     

       2469
       2469
       +
       						if (Number.isNaN(cursorTime) || !id) {

     

       2470
       2470
       +
       							return Response.json(

     

       2471
       2471
       +
       								{ error: "Invalid cursor format" },

     

       2472
       2472
       +
       								{ status: 400 },

     

       2473
       2473
       +
       							);

     

       2474
       2474
       +
       						}

     

       2475
       2475
       +
       

     

       2476
       2476
       +
       						transcriptions = db

     

       2477
       2477
       +
       							.query<

     

       2478
       2478
       +
       								{

     

       2479
       2479
       +
       									id: string;

     

       2480
       2480
       +
       									filename: string;

     

       2481
       2481
       +
       									original_filename: string;

     

       2482
       2482
       +
       									class_id: string | null;

     

       2483
       2483
       +
       									status: string;

     

       2484
       2484
       +
       									progress: number;

     

       2485
       2485
       +
       									created_at: number;

     

       2486
       2486
       +
       								},

     

       2487
       2487
       +
       								[number, number, string, number]

     

       2488
       2488
       +
       							>(

     

       2489
       2489
       +
       								`SELECT id, filename, original_filename, class_id, status, progress, created_at 

     

       2490
       2490
       +
       								FROM transcriptions 

     

       2491
       2491
       +
       								WHERE user_id = ? AND (created_at < ? OR (created_at = ? AND id < ?))

     

       2492
       2492
       +
       								ORDER BY created_at DESC, id DESC 

     

       2493
       2493
       +
       								LIMIT ?`,

     

       2494
       2494
       +
       							)

     

       2495
       2495
       +
       							.all(user.id, cursorTime, cursorTime, id, limit + 1);

     

       2496
       2496
       +
       					} else {

     

       2497
       2497
       +
       						transcriptions = db

     

       2498
       2498
       +
       							.query<

     

       2499
       2499
       +
       								{

     

       2500
       2500
       +
       									id: string;

     

       2501
       2501
       +
       									filename: string;

     

       2502
       2502
       +
       									original_filename: string;

     

       2503
       2503
       +
       									class_id: string | null;

     

       2504
       2504
       +
       									status: string;

     

       2505
       2505
       +
       									progress: number;

     

       2506
       2506
       +
       									created_at: number;

     

       2507
       2507
       +
       								},

     

       2508
       2508
       +
       								[number, number]

     

       2509
       2509
       +
       							>(

     

       2510
       2510
       +
       								`SELECT id, filename, original_filename, class_id, status, progress, created_at 

     

       2511
       2511
       +
       								FROM transcriptions 

     

       2512
       2512
       +
       								WHERE user_id = ? 

     

       2513
       2513
       +
       								ORDER BY created_at DESC, id DESC 

     

       2514
       2514
       +
       								LIMIT ?`,

     

       2515
       2515
       +
       							)

     

       2516
       2516
       +
       							.all(user.id, limit + 1);

     

       2517
       2517
       +
       					}

     

       2518
       2518
       +
       

     

       2519
       2519
       +
       					// Check if there are more results

     

       2520
       2520
       +
       					const hasMore = transcriptions.length > limit;

     

       2521
       2521
       +
       					if (hasMore) {

     

       2522
       2522
       +
       						transcriptions.pop(); // Remove extra item

     

       2523
       2523
       +
       					}

     

       2524
       2524
       +
       

     

       2525
       2525
       +
       					// Build next cursor

     

       2526
       2526
       +
       					let nextCursor: string | null = null;

     

       2527
       2527
       +
       					if (hasMore && transcriptions.length > 0) {

     

       2528
       2528
       +
       						const { encodeCursor } = await import("./lib/cursor");

     

       2529
       2529
       +
       						const last = transcriptions[transcriptions.length - 1];

     

       2530
       2530
       +
       						if (last) {

     

       2531
       2531
       +
       							nextCursor = encodeCursor([last.created_at.toString(), last.id]);

     

       2532
       2532
       +
       						}

     

       2533
       2533
       +
       					}

     

       1817
       2534
        
       

     

       1818
       2535
        
       					// Load transcripts from files for completed jobs

     

       1819
       2536
        
       					const jobs = await Promise.all(

     
···

       1829
       2546
        
       						}),

     

       1830
       2547
        
       					);

     

       1831
       2548
        
       

     

       1832
       1832
       -
       					return Response.json({ jobs });

     

       2549
       2549
       +
       					return Response.json({

     

       2550
       2550
       +
       						jobs,

     

       2551
       2551
       +
       						pagination: {

     

       2552
       2552
       +
       							limit,

     

       2553
       2553
       +
       							hasMore,

     

       2554
       2554
       +
       							nextCursor,

     

       2555
       2555
       +
       						},

     

       2556
       2556
       +
       					});

     

       1833
       2557
        
       				} catch (error) {

     

       1834
       2558
        
       					return handleError(error);

     

       1835
       2559
        
       				}

     
···

       1838
       2562
        
       				try {

     

       1839
       2563
        
       					const user = requireSubscription(req);

     

       1840
       2564
        
       

     

       2565
       2565
       +
       					const rateLimitError = enforceRateLimit(req, "upload-transcription", {

     

       2566
       2566
       +
       						ip: { max: 20, windowSeconds: 60 * 60 },

     

       2567
       2567
       +
       					});

     

       2568
       2568
       +
       					if (rateLimitError) return rateLimitError;

     

       2569
       2569
       +
       

     

       1841
       2570
        
       					const formData = await req.formData();

     

       1842
       2571
        
       					const file = formData.get("audio") as File;

     

       1843
       2572
        
       					const classId = formData.get("class_id") as string | null;

     

       1844
       1844
       -
       					const meetingTimeId = formData.get("meeting_time_id") as

     

       2573
       2573
       +
       					const sectionId = formData.get("section_id") as string | null;

     

       2574
       2574
       +
       					const recordingDateStr = formData.get("recording_date") as

     

       1845
       2575
        
       						| string

     

       1846
       2576
        
       						| null;

     

       1847
       2577
        
       

     
···

       1910
       2640
        
       					const uploadDir = "./uploads";

     

       1911
       2641
        
       					await Bun.write(`${uploadDir}/${filename}`, file);

     

       1912
       2642
        
       

     

       1913
       1913
       -
       					// Create database record

     

       2643
       2643
       +
       					// Parse recording date (default to current time if not provided)

     

       2644
       2644
       +
       					const recordingDate = recordingDateStr

     

       2645
       2645
       +
       						? Number.parseInt(recordingDateStr, 10)

     

       2646
       2646
       +
       						: Math.floor(Date.now() / 1000);

     

       2647
       2647
       +
       

     

       2648
       2648
       +
       					// Create database record (without meeting_time_id - will be set later via PATCH)

     

       1914
       2649
        
       					db.run(

     

       1915
       1915
       -
       						"INSERT INTO transcriptions (id, user_id, class_id, meeting_time_id, filename, original_filename, status) VALUES (?, ?, ?, ?, ?, ?, ?)",

     

       2650
       2650
       +
       						"INSERT INTO transcriptions (id, user_id, class_id, meeting_time_id, section_id, filename, original_filename, status, recording_date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",

     

       1916
       2651
        
       						[

     

       1917
       2652
        
       							transcriptionId,

     

       1918
       2653
        
       							user.id,

     

       1919
       2654
        
       							classId,

     

       1920
       1920
       -
       							meetingTimeId,

     

       2655
       2655
       +
       							null, // meeting_time_id will be set via PATCH endpoint

     

       2656
       2656
       +
       							sectionId,

     

       1921
       2657
        
       							filename,

     

       1922
       2658
        
       							file.name,

     

       1923
       2659
        
       							"pending",

     

       2660
       2660
       +
       							recordingDate,

     

       1924
       2661
        
       						],

     

       1925
       2662
        
       					);

     

       1926
       2663
        
       

     

       1927
       2664
        
       					// Don't auto-start transcription - admin will select recordings

     

       1928
       2665
        
       					// whisperService.startTranscription(transcriptionId, filename);

     

       1929
       2666
        
       

     

       1930
       1930
       -
       					return Response.json({

     

       1931
       1931
       -
       						id: transcriptionId,

     

       1932
       1932
       -
       						message: "Upload successful",

     

       1933
       1933
       -
       					});

     

       2667
       2667
       +
       					return Response.json(

     

       2668
       2668
       +
       						{

     

       2669
       2669
       +
       							id: transcriptionId,

     

       2670
       2670
       +
       							message: "Upload successful",

     

       2671
       2671
       +
       						},

     

       2672
       2672
       +
       						{ status: 201 },

     

       2673
       2673
       +
       					);

     

       1934
       2674
        
       				} catch (error) {

     

       1935
       2675
        
       					return handleError(error);

     

       1936
       2676
        
       				}

     
···

       1940
       2680
        
       			GET: async (req) => {

     

       1941
       2681
        
       				try {

     

       1942
       2682
        
       					requireAdmin(req);

     

       1943
       1943
       -
       					const transcriptions = getAllTranscriptions();

     

       1944
       1944
       -
       					return Response.json(transcriptions);

     

       2683
       2683
       +
       					const url = new URL(req.url);

     

       2684
       2684
       +
       

     

       2685
       2685
       +
       					const limit = Math.min(

     

       2686
       2686
       +
       						Number.parseInt(url.searchParams.get("limit") || "50", 10),

     

       2687
       2687
       +
       						100,

     

       2688
       2688
       +
       					);

     

       2689
       2689
       +
       					const cursor = url.searchParams.get("cursor") || undefined;

     

       2690
       2690
       +
       

     

       2691
       2691
       +
       					const result = getAllTranscriptions(limit, cursor);

     

       2692
       2692
       +
       					return Response.json(result.data); // Return just the array for now, can add pagination UI later

     

       1945
       2693
        
       				} catch (error) {

     

       1946
       2694
        
       					return handleError(error);

     

       1947
       2695
        
       				}

     
···

       1951
       2699
        
       			GET: async (req) => {

     

       1952
       2700
        
       				try {

     

       1953
       2701
        
       					requireAdmin(req);

     

       1954
       1954
       -
       					const users = getAllUsersWithStats();

     

       1955
       1955
       -
       					return Response.json(users);

     

       2702
       2702
       +
       					const url = new URL(req.url);

     

       2703
       2703
       +
       

     

       2704
       2704
       +
       					const limit = Math.min(

     

       2705
       2705
       +
       						Number.parseInt(url.searchParams.get("limit") || "50", 10),

     

       2706
       2706
       +
       						100,

     

       2707
       2707
       +
       					);

     

       2708
       2708
       +
       					const cursor = url.searchParams.get("cursor") || undefined;

     

       2709
       2709
       +
       

     

       2710
       2710
       +
       					const result = getAllUsersWithStats(limit, cursor);

     

       2711
       2711
       +
       					return Response.json(result.data); // Return just the array for now, can add pagination UI later

     

       1956
       2712
        
       				} catch (error) {

     

       1957
       2713
        
       					return handleError(error);

     

       1958
       2714
        
       				}

     
···

       1986
       2742
        
       					requireAdmin(req);

     

       1987
       2743
        
       					const id = req.params.id;

     

       1988
       2744
        
       					deleteWaitlistEntry(id);

     

       1989
       1989
       -
       					return Response.json({ success: true });

     

       2745
       2745
       +
       					return new Response(null, { status: 204 });

     

       1990
       2746
        
       				} catch (error) {

     

       1991
       2747
        
       					return handleError(error);

     

       1992
       2748
        
       				}

     
···

       1998
       2754
        
       					requireAdmin(req);

     

       1999
       2755
        
       					const transcriptionId = req.params.id;

     

       2000
       2756
        
       					deleteTranscription(transcriptionId);

     

       2001
       2001
       -
       					return Response.json({ success: true });

     

       2757
       2757
       +
       					return new Response(null, { status: 204 });

     

       2002
       2758
        
       				} catch (error) {

     

       2003
       2759
        
       					return handleError(error);

     

       2004
       2760
        
       				}

     
···

       2013
       2769
        
       						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       2014
       2770
        
       					}

     

       2015
       2771
        
       					await deleteUser(userId);

     

       2016
       2016
       -
       					return Response.json({ success: true });

     

       2772
       2772
       +
       					return new Response(null, { status: 204 });

     

       2017
       2773
        
       				} catch (error) {

     

       2018
       2774
        
       					return handleError(error);

     

       2019
       2775
        
       				}

     
···

       2106
       2862
        
       						.get(userId);

     

       2107
       2863
        
       

     

       2108
       2864
        
       					if (!user) {

     

       2109
       2109
       -
       						return Response.json(

     

       2110
       2110
       -
       							{ error: "User not found" },

     

       2111
       2111
       -
       							{ status: 404 },

     

       2112
       2112
       -
       						);

     

       2865
       2865
       +
       						return Response.json({ error: "User not found" }, { status: 404 });

     

       2113
       2866
        
       					}

     

       2114
       2867
        
       

     

       2115
       2868
        
       					try {

     
···

       2245
       2998
        
       						}),

     

       2246
       2999
        
       					});

     

       2247
       3000
        
       

     

       2248
       2248
       -
       					return Response.json({ 

     

       3001
       3001
       +
       					return Response.json({

     

       2249
       3002
        
       						success: true,

     

       2250
       2250
       -
       						message: "Password reset email sent"

     

       3003
       3003
       +
       						message: "Password reset email sent",

     

       2251
       3004
        
       					});

     

       2252
       3005
        
       				} catch (error) {

     

       2253
       3006
        
       					console.error("[Admin] Password reset error:", error);

     
···

       2266
       3019
        
       

     

       2267
       3020
        
       					const { passkeyId } = req.params;

     

       2268
       3021
        
       					deletePasskey(passkeyId, userId);

     

       2269
       2269
       -
       					return Response.json({ success: true });

     

       3022
       3022
       +
       					return new Response(null, { status: 204 });

     

       2270
       3023
        
       				} catch (error) {

     

       2271
       3024
        
       					return handleError(error);

     

       2272
       3025
        
       				}

     
···

       2284
       3037
        
       					const body = await req.json();

     

       2285
       3038
        
       					const { name } = body as { name: string };

     

       2286
       3039
        
       

     

       2287
       2287
       -
       					if (!name || name.trim().length === 0) {

     

       3040
       3040
       +
       					const nameValidation = validateName(name);

     

       3041
       3041
       +
       					if (!nameValidation.valid) {

     

       2288
       3042
        
       						return Response.json(

     

       2289
       2289
       -
       							{ error: "Name cannot be empty" },

     

       3043
       3043
       +
       							{ error: nameValidation.error },

     

       2290
       3044
        
       							{ status: 400 },

     

       2291
       3045
        
       						);

     

       2292
       3046
        
       					}

     
···

       2308
       3062
        
       					}

     

       2309
       3063
        
       

     

       2310
       3064
        
       					const body = await req.json();

     

       2311
       2311
       -
       					const { email } = body as { email: string };

     

       3065
       3065
       +
       					const { email, skipVerification } = body as {

     

       3066
       3066
       +
       						email: string;

     

       3067
       3067
       +
       						skipVerification?: boolean;

     

       3068
       3068
       +
       					};

     

       2312
       3069
        
       

     

       2313
       2313
       -
       					if (!email || !email.includes("@")) {

     

       3070
       3070
       +
       					const emailValidation = validateEmail(email);

     

       3071
       3071
       +
       					if (!emailValidation.valid) {

     

       2314
       3072
        
       						return Response.json(

     

       2315
       2315
       -
       							{ error: "Invalid email address" },

     

       3073
       3073
       +
       							{ error: emailValidation.error },

     

       2316
       3074
        
       							{ status: 400 },

     

       2317
       3075
        
       						);

     

       2318
       3076
        
       					}

     
···

       2327
       3085
        
       					if (existing) {

     

       2328
       3086
        
       						return Response.json(

     

       2329
       3087
        
       							{ error: "Email already in use" },

     

       2330
       2330
       -
       							{ status: 400 },

     

       3088
       3088
       +
       							{ status: 409 },

     

       2331
       3089
        
       						);

     

       2332
       3090
        
       					}

     

       2333
       3091
        
       

     

       2334
       2334
       -
       					updateUserEmailAddress(userId, email);

     

       2335
       2335
       -
       					return Response.json({ success: true });

     

       3092
       3092
       +
       					if (skipVerification) {

     

       3093
       3093
       +
       						// Admin override: change email immediately without verification

     

       3094
       3094
       +
       						updateUserEmailAddress(userId, email);

     

       3095
       3095
       +
       						return Response.json({

     

       3096
       3096
       +
       							success: true,

     

       3097
       3097
       +
       							message: "Email updated immediately (verification skipped)",

     

       3098
       3098
       +
       						});

     

       3099
       3099
       +
       					}

     

       3100
       3100
       +
       

     

       3101
       3101
       +
       					// Get user's current email

     

       3102
       3102
       +
       					const user = db

     

       3103
       3103
       +
       						.query<{ email: string; name: string | null }, [number]>(

     

       3104
       3104
       +
       							"SELECT email, name FROM users WHERE id = ?",

     

       3105
       3105
       +
       						)

     

       3106
       3106
       +
       						.get(userId);

     

       3107
       3107
       +
       

     

       3108
       3108
       +
       					if (!user) {

     

       3109
       3109
       +
       						return Response.json({ error: "User not found" }, { status: 404 });

     

       3110
       3110
       +
       					}

     

       3111
       3111
       +
       

     

       3112
       3112
       +
       					// Send verification email to user's current email

     

       3113
       3113
       +
       					try {

     

       3114
       3114
       +
       						const token = createEmailChangeToken(userId, email);

     

       3115
       3115
       +
       						const origin = process.env.ORIGIN || "http://localhost:3000";

     

       3116
       3116
       +
       						const verifyUrl = `${origin}/api/user/email/verify?token=${token}`;

     

       3117
       3117
       +
       

     

       3118
       3118
       +
       						await sendEmail({

     

       3119
       3119
       +
       							to: user.email,

     

       3120
       3120
       +
       							subject: "Verify your email change",

     

       3121
       3121
       +
       							html: emailChangeTemplate({

     

       3122
       3122
       +
       								name: user.name,

     

       3123
       3123
       +
       								currentEmail: user.email,

     

       3124
       3124
       +
       								newEmail: email,

     

       3125
       3125
       +
       								verifyLink: verifyUrl,

     

       3126
       3126
       +
       							}),

     

       3127
       3127
       +
       						});

     

       3128
       3128
       +
       

     

       3129
       3129
       +
       						return Response.json({

     

       3130
       3130
       +
       							success: true,

     

       3131
       3131
       +
       							message: `Verification email sent to ${user.email}`,

     

       3132
       3132
       +
       							pendingEmail: email,

     

       3133
       3133
       +
       						});

     

       3134
       3134
       +
       					} catch (emailError) {

     

       3135
       3135
       +
       						console.error(

     

       3136
       3136
       +
       							"[Admin] Failed to send email change verification:",

     

       3137
       3137
       +
       							emailError,

     

       3138
       3138
       +
       						);

     

       3139
       3139
       +
       						return Response.json(

     

       3140
       3140
       +
       							{ error: "Failed to send verification email" },

     

       3141
       3141
       +
       							{ status: 500 },

     

       3142
       3142
       +
       						);

     

       3143
       3143
       +
       					}

     

       2336
       3144
        
       				} catch (error) {

     

       2337
       3145
        
       					return handleError(error);

     

       2338
       3146
        
       				}

     
···

       2362
       3170
        
       					}

     

       2363
       3171
        
       

     

       2364
       3172
        
       					deleteAllUserSessions(userId);

     

       2365
       2365
       -
       					return Response.json({ success: true });

     

       3173
       3173
       +
       					return new Response(null, { status: 204 });

     

       2366
       3174
        
       				} catch (error) {

     

       2367
       3175
        
       					return handleError(error);

     

       2368
       3176
        
       				}

     
···

       2387
       3195
        
       						);

     

       2388
       3196
        
       					}

     

       2389
       3197
        
       

     

       2390
       2390
       -
       					return Response.json({ success: true });

     

       3198
       3198
       +
       					return new Response(null, { status: 204 });

     

       2391
       3199
        
       				} catch (error) {

     

       2392
       3200
        
       					return handleError(error);

     

       2393
       3201
        
       				}

     
···

       2449
       3257
        
       			GET: async (req) => {

     

       2450
       3258
        
       				try {

     

       2451
       3259
        
       					const user = requireAuth(req);

     

       2452
       2452
       -
       					const classes = getClassesForUser(user.id, user.role === "admin");

     

       3260
       3260
       +
       					const url = new URL(req.url);

     

       2453
       3261
        
       

     

       2454
       2454
       -
       					// Group by semester/year

     

       3262
       3262
       +
       					const limit = Math.min(

     

       3263
       3263
       +
       						Number.parseInt(url.searchParams.get("limit") || "50", 10),

     

       3264
       3264
       +
       						100,

     

       3265
       3265
       +
       					);

     

       3266
       3266
       +
       					const cursor = url.searchParams.get("cursor") || undefined;

     

       3267
       3267
       +
       

     

       3268
       3268
       +
       					const result = getClassesForUser(

     

       3269
       3269
       +
       						user.id,

     

       3270
       3270
       +
       						user.role === "admin",

     

       3271
       3271
       +
       						limit,

     

       3272
       3272
       +
       						cursor,

     

       3273
       3273
       +
       					);

     

       3274
       3274
       +
       

     

       3275
       3275
       +
       					// Group by semester/year for all users

     

       2455
       3276
        
       					const grouped: Record<

     

       2456
       3277
        
       						string,

     

       2457
       3278
        
       						Array<{

     
···

       2465
       3286
        
       						}>

     

       2466
       3287
        
       					> = {};

     

       2467
       3288
        
       

     

       2468
       2468
       -
       					for (const cls of classes) {

     

       3289
       3289
       +
       					for (const cls of result.data) {

     

       2469
       3290
        
       						const key = `${cls.semester} ${cls.year}`;

     

       2470
       3291
        
       						if (!grouped[key]) {

     

       2471
       3292
        
       							grouped[key] = [];

     
···

       2481
       3302
        
       						});

     

       2482
       3303
        
       					}

     

       2483
       3304
        
       

     

       2484
       2484
       -
       					return Response.json({ classes: grouped });

     

       3305
       3305
       +
       					return Response.json({

     

       3306
       3306
       +
       						classes: grouped,

     

       3307
       3307
       +
       						pagination: result.pagination,

     

       3308
       3308
       +
       					});

     

       2485
       3309
        
       				} catch (error) {

     

       2486
       3310
        
       					return handleError(error);

     

       2487
       3311
        
       				}

     
···

       2499
       3323
        
       						meeting_times,

     

       2500
       3324
        
       					} = body;

     

       2501
       3325
        
       

     

       2502
       2502
       -
       					if (!course_code || !name || !professor || !semester || !year) {

     

       3326
       3326
       +
       					// Validate all required fields

     

       3327
       3327
       +
       					const courseCodeValidation = validateCourseCode(course_code);

     

       3328
       3328
       +
       					if (!courseCodeValidation.valid) {

     

       2503
       3329
        
       						return Response.json(

     

       2504
       2504
       -
       							{ error: "Missing required fields" },

     

       3330
       3330
       +
       							{ error: courseCodeValidation.error },

     

       3331
       3331
       +
       							{ status: 400 },

     

       3332
       3332
       +
       						);

     

       3333
       3333
       +
       					}

     

       3334
       3334
       +
       

     

       3335
       3335
       +
       					const nameValidation = validateCourseName(name);

     

       3336
       3336
       +
       					if (!nameValidation.valid) {

     

       3337
       3337
       +
       						return Response.json(

     

       3338
       3338
       +
       							{ error: nameValidation.error },

     

       3339
       3339
       +
       							{ status: 400 },

     

       3340
       3340
       +
       						);

     

       3341
       3341
       +
       					}

     

       3342
       3342
       +
       

     

       3343
       3343
       +
       					const professorValidation = validateName(professor, "Professor name");

     

       3344
       3344
       +
       					if (!professorValidation.valid) {

     

       3345
       3345
       +
       						return Response.json(

     

       3346
       3346
       +
       							{ error: professorValidation.error },

     

       3347
       3347
       +
       							{ status: 400 },

     

       3348
       3348
       +
       						);

     

       3349
       3349
       +
       					}

     

       3350
       3350
       +
       

     

       3351
       3351
       +
       					const semesterValidation = validateSemester(semester);

     

       3352
       3352
       +
       					if (!semesterValidation.valid) {

     

       3353
       3353
       +
       						return Response.json(

     

       3354
       3354
       +
       							{ error: semesterValidation.error },

     

       3355
       3355
       +
       							{ status: 400 },

     

       3356
       3356
       +
       						);

     

       3357
       3357
       +
       					}

     

       3358
       3358
       +
       

     

       3359
       3359
       +
       					const yearValidation = validateYear(year);

     

       3360
       3360
       +
       					if (!yearValidation.valid) {

     

       3361
       3361
       +
       						return Response.json(

     

       3362
       3362
       +
       							{ error: yearValidation.error },

     

       2505
       3363
        
       							{ status: 400 },

     

       2506
       3364
        
       						);

     

       2507
       3365
        
       					}

     
···

       2513
       3371
        
       						semester,

     

       2514
       3372
        
       						year,

     

       2515
       3373
        
       						meeting_times,

     

       3374
       3374
       +
       						sections: body.sections,

     

       2516
       3375
        
       					});

     

       2517
       3376
        
       

     

       2518
       2518
       -
       					return Response.json(newClass);

     

       3377
       3377
       +
       					return Response.json(newClass, { status: 201 });

     

       2519
       3378
        
       				} catch (error) {

     

       2520
       3379
        
       					return handleError(error);

     

       2521
       3380
        
       				}

     
···

       2542
       3401
        
       						.all(user.id)

     

       2543
       3402
        
       						.map((row) => row.class_id);

     

       2544
       3403
        
       

     

       2545
       2545
       -
       					// Add is_enrolled flag to each class

     

       3404
       3404
       +
       					// Add is_enrolled flag and sections to each class

     

       2546
       3405
        
       					const classesWithEnrollment = classes.map((cls) => ({

     

       2547
       3406
        
       						...cls,

     

       2548
       3407
        
       						is_enrolled: enrolledClassIds.includes(cls.id),

     

       3408
       3408
       +
       						sections: getClassSections(cls.id),

     

       2549
       3409
        
       					}));

     

       2550
       3410
        
       

     

       2551
       3411
        
       					return Response.json({ classes: classesWithEnrollment });

     
···

       2560
       3420
        
       					const user = requireAuth(req);

     

       2561
       3421
        
       					const body = await req.json();

     

       2562
       3422
        
       					const classId = body.class_id;

     

       3423
       3423
       +
       					const sectionId = body.section_id || null;

     

       2563
       3424
        
       

     

       2564
       2564
       -
       					if (!classId || typeof classId !== "string") {

     

       3425
       3425
       +
       					const classIdValidation = validateClassId(classId);

     

       3426
       3426
       +
       					if (!classIdValidation.valid) {

     

       2565
       3427
        
       						return Response.json(

     

       2566
       2566
       -
       							{ error: "Class ID required" },

     

       3428
       3428
       +
       							{ error: classIdValidation.error },

     

       2567
       3429
        
       							{ status: 400 },

     

       2568
       3430
        
       						);

     

       2569
       3431
        
       					}

     

       2570
       3432
        
       

     

       2571
       2571
       -
       					const result = joinClass(classId, user.id);

     

       3433
       3433
       +
       					const result = joinClass(classId, user.id, sectionId);

     

       2572
       3434
        
       

     

       2573
       3435
        
       					if (!result.success) {

     

       2574
       3436
        
       						return Response.json({ error: result.error }, { status: 400 });

     

       2575
       3437
        
       					}

     

       2576
       3438
        
       

     

       2577
       2577
       -
       					return Response.json({ success: true });

     

       3439
       3439
       +
       					return new Response(null, { status: 204 });

     

       2578
       3440
        
       				} catch (error) {

     

       2579
       3441
        
       					return handleError(error);

     

       2580
       3442
        
       				}

     
···

       2596
       3458
        
       						meetingTimes,

     

       2597
       3459
        
       					} = body;

     

       2598
       3460
        
       

     

       2599
       2599
       -
       					if (!courseCode || !courseName || !professor || !semester || !year) {

     

       3461
       3461
       +
       					// Validate all required fields

     

       3462
       3462
       +
       					const courseCodeValidation = validateCourseCode(courseCode);

     

       3463
       3463
       +
       					if (!courseCodeValidation.valid) {

     

       2600
       3464
        
       						return Response.json(

     

       2601
       2601
       -
       							{ error: "Missing required fields" },

     

       3465
       3465
       +
       							{ error: courseCodeValidation.error },

     

       3466
       3466
       +
       							{ status: 400 },

     

       3467
       3467
       +
       						);

     

       3468
       3468
       +
       					}

     

       3469
       3469
       +
       

     

       3470
       3470
       +
       					const nameValidation = validateCourseName(courseName);

     

       3471
       3471
       +
       					if (!nameValidation.valid) {

     

       3472
       3472
       +
       						return Response.json(

     

       3473
       3473
       +
       							{ error: nameValidation.error },

     

       3474
       3474
       +
       							{ status: 400 },

     

       3475
       3475
       +
       						);

     

       3476
       3476
       +
       					}

     

       3477
       3477
       +
       

     

       3478
       3478
       +
       					const professorValidation = validateName(professor, "Professor name");

     

       3479
       3479
       +
       					if (!professorValidation.valid) {

     

       3480
       3480
       +
       						return Response.json(

     

       3481
       3481
       +
       							{ error: professorValidation.error },

     

       3482
       3482
       +
       							{ status: 400 },

     

       3483
       3483
       +
       						);

     

       3484
       3484
       +
       					}

     

       3485
       3485
       +
       

     

       3486
       3486
       +
       					const semesterValidation = validateSemester(semester);

     

       3487
       3487
       +
       					if (!semesterValidation.valid) {

     

       3488
       3488
       +
       						return Response.json(

     

       3489
       3489
       +
       							{ error: semesterValidation.error },

     

       3490
       3490
       +
       							{ status: 400 },

     

       3491
       3491
       +
       						);

     

       3492
       3492
       +
       					}

     

       3493
       3493
       +
       

     

       3494
       3494
       +
       					const yearValidation = validateYear(

     

       3495
       3495
       +
       						typeof year === "string" ? Number.parseInt(year, 10) : year,

     

       3496
       3496
       +
       					);

     

       3497
       3497
       +
       					if (!yearValidation.valid) {

     

       3498
       3498
       +
       						return Response.json(

     

       3499
       3499
       +
       							{ error: yearValidation.error },

     

       2602
       3500
        
       							{ status: 400 },

     

       2603
       3501
        
       						);

     

       2604
       3502
        
       					}

     
···

       2614
       3512
        
       						meetingTimes || null,

     

       2615
       3513
        
       					);

     

       2616
       3514
        
       

     

       2617
       2617
       -
       					return Response.json({ success: true, id });

     

       3515
       3515
       +
       					return Response.json({ success: true, id }, { status: 201 });

     

       2618
       3516
        
       				} catch (error) {

     

       2619
       3517
        
       					return handleError(error);

     

       2620
       3518
        
       				}

     
···

       2641
       3539
        
       					}

     

       2642
       3540
        
       

     

       2643
       3541
        
       					const meetingTimes = getMeetingTimesForClass(classId);

     

       3542
       3542
       +
       					const sections = getClassSections(classId);

     

       2644
       3543
        
       					const transcriptions = getTranscriptionsForClass(classId);

     

       3544
       3544
       +
       					const userSection = getUserSection(user.id, classId);

     

       2645
       3545
        
       

     

       2646
       3546
        
       					return Response.json({

     

       2647
       3547
        
       						class: classInfo,

     

       2648
       3548
        
       						meetingTimes,

     

       3549
       3549
       +
       						sections,

     

       3550
       3550
       +
       						userSection,

     

       2649
       3551
        
       						transcriptions,

     

       2650
       3552
        
       					});

     

       2651
       3553
        
       				} catch (error) {

     
···

       2657
       3559
        
       					requireAdmin(req);

     

       2658
       3560
        
       					const classId = req.params.id;

     

       2659
       3561
        
       

     

       3562
       3562
       +
       					// Verify class exists

     

       3563
       3563
       +
       					const existingClass = getClassById(classId);

     

       3564
       3564
       +
       					if (!existingClass) {

     

       3565
       3565
       +
       						return Response.json({ error: "Class not found" }, { status: 404 });

     

       3566
       3566
       +
       					}

     

       3567
       3567
       +
       

     

       2660
       3568
        
       					deleteClass(classId);

     

       2661
       2661
       -
       					return Response.json({ success: true });

     

       3569
       3569
       +
       					return new Response(null, { status: 204 });

     

       2662
       3570
        
       				} catch (error) {

     

       2663
       3571
        
       					return handleError(error);

     

       2664
       3572
        
       				}

     
···

       2679
       3587
        
       						);

     

       2680
       3588
        
       					}

     

       2681
       3589
        
       

     

       3590
       3590
       +
       					// Verify class exists

     

       3591
       3591
       +
       					const existingClass = getClassById(classId);

     

       3592
       3592
       +
       					if (!existingClass) {

     

       3593
       3593
       +
       						return Response.json({ error: "Class not found" }, { status: 404 });

     

       3594
       3594
       +
       					}

     

       3595
       3595
       +
       

     

       2682
       3596
        
       					toggleClassArchive(classId, archived);

     

       2683
       2683
       -
       					return Response.json({ success: true });

     

       3597
       3597
       +
       					return new Response(null, { status: 204 });

     

       2684
       3598
        
       				} catch (error) {

     

       2685
       3599
        
       					return handleError(error);

     

       2686
       3600
        
       				}

     
···

       2709
       3623
        
       						return Response.json({ error: "Email required" }, { status: 400 });

     

       2710
       3624
        
       					}

     

       2711
       3625
        
       

     

       3626
       3626
       +
       					// Verify class exists

     

       3627
       3627
       +
       					const existingClass = getClassById(classId);

     

       3628
       3628
       +
       					if (!existingClass) {

     

       3629
       3629
       +
       						return Response.json({ error: "Class not found" }, { status: 404 });

     

       3630
       3630
       +
       					}

     

       3631
       3631
       +
       

     

       2712
       3632
        
       					const user = getUserByEmail(email);

     

       2713
       3633
        
       					if (!user) {

     

       2714
       3634
        
       						return Response.json({ error: "User not found" }, { status: 404 });

     

       2715
       3635
        
       					}

     

       2716
       3636
        
       

     

       2717
       3637
        
       					enrollUserInClass(user.id, classId);

     

       2718
       2718
       -
       					return Response.json({ success: true });

     

       3638
       3638
       +
       					return new Response(null, { status: 201 });

     

       2719
       3639
        
       				} catch (error) {

     

       2720
       3640
        
       					return handleError(error);

     

       2721
       3641
        
       				}

     
···

       2732
       3652
        
       						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       2733
       3653
        
       					}

     

       2734
       3654
        
       

     

       3655
       3655
       +
       					// Verify class exists

     

       3656
       3656
       +
       					const existingClass = getClassById(classId);

     

       3657
       3657
       +
       					if (!existingClass) {

     

       3658
       3658
       +
       						return Response.json({ error: "Class not found" }, { status: 404 });

     

       3659
       3659
       +
       					}

     

       3660
       3660
       +
       

     

       2735
       3661
        
       					removeUserFromClass(userId, classId);

     

       2736
       2736
       -
       					return Response.json({ success: true });

     

       3662
       3662
       +
       					return new Response(null, { status: 204 });

     

       2737
       3663
        
       				} catch (error) {

     

       2738
       3664
        
       					return handleError(error);

     

       2739
       3665
        
       				}

     
···

       2771
       3697
        
       						return Response.json({ error: "Label required" }, { status: 400 });

     

       2772
       3698
        
       					}

     

       2773
       3699
        
       

     

       3700
       3700
       +
       					// Verify class exists

     

       3701
       3701
       +
       					const existingClass = getClassById(classId);

     

       3702
       3702
       +
       					if (!existingClass) {

     

       3703
       3703
       +
       						return Response.json({ error: "Class not found" }, { status: 404 });

     

       3704
       3704
       +
       					}

     

       3705
       3705
       +
       

     

       2774
       3706
        
       					const meetingTime = createMeetingTime(classId, label);

     

       2775
       2775
       -
       					return Response.json(meetingTime);

     

       3707
       3707
       +
       					return Response.json(meetingTime, { status: 201 });

     

       3708
       3708
       +
       				} catch (error) {

     

       3709
       3709
       +
       					return handleError(error);

     

       3710
       3710
       +
       				}

     

       3711
       3711
       +
       			},

     

       3712
       3712
       +
       		},

     

       3713
       3713
       +
       		"/api/classes/:id/sections": {

     

       3714
       3714
       +
       			POST: async (req) => {

     

       3715
       3715
       +
       				try {

     

       3716
       3716
       +
       					requireAdmin(req);

     

       3717
       3717
       +
       					const classId = req.params.id;

     

       3718
       3718
       +
       					const body = await req.json();

     

       3719
       3719
       +
       					const { section_number } = body;

     

       3720
       3720
       +
       

     

       3721
       3721
       +
       					if (!section_number) {

     

       3722
       3722
       +
       						return Response.json({ error: "Section number required" }, { status: 400 });

     

       3723
       3723
       +
       					}

     

       3724
       3724
       +
       

     

       3725
       3725
       +
       					const section = createClassSection(classId, section_number);

     

       3726
       3726
       +
       					return Response.json(section);

     

       3727
       3727
       +
       				} catch (error) {

     

       3728
       3728
       +
       					return handleError(error);

     

       3729
       3729
       +
       				}

     

       3730
       3730
       +
       			},

     

       3731
       3731
       +
       		},

     

       3732
       3732
       +
       		"/api/classes/:classId/sections/:sectionId": {

     

       3733
       3733
       +
       			DELETE: async (req) => {

     

       3734
       3734
       +
       				try {

     

       3735
       3735
       +
       					requireAdmin(req);

     

       3736
       3736
       +
       					const sectionId = req.params.sectionId;

     

       3737
       3737
       +
       

     

       3738
       3738
       +
       					// Check if any students are in this section

     

       3739
       3739
       +
       					const studentsInSection = db

     

       3740
       3740
       +
       						.query<{ count: number }, [string]>(

     

       3741
       3741
       +
       							"SELECT COUNT(*) as count FROM class_members WHERE section_id = ?",

     

       3742
       3742
       +
       						)

     

       3743
       3743
       +
       						.get(sectionId);

     

       3744
       3744
       +
       

     

       3745
       3745
       +
       					if (studentsInSection && studentsInSection.count > 0) {

     

       3746
       3746
       +
       						return Response.json(

     

       3747
       3747
       +
       							{ error: "Cannot delete section with enrolled students" },

     

       3748
       3748
       +
       							{ status: 400 },

     

       3749
       3749
       +
       						);

     

       3750
       3750
       +
       					}

     

       3751
       3751
       +
       

     

       3752
       3752
       +
       					db.run("DELETE FROM class_sections WHERE id = ?", [sectionId]);

     

       3753
       3753
       +
       					return new Response(null, { status: 204 });

     

       2776
       3754
        
       				} catch (error) {

     

       2777
       3755
        
       					return handleError(error);

     

       2778
       3756
        
       				}

     
···

       2790
       3768
        
       						return Response.json({ error: "Label required" }, { status: 400 });

     

       2791
       3769
        
       					}

     

       2792
       3770
        
       

     

       3771
       3771
       +
       					// Verify meeting exists

     

       3772
       3772
       +
       					const existingMeeting = getMeetingById(meetingId);

     

       3773
       3773
       +
       					if (!existingMeeting) {

     

       3774
       3774
       +
       						return Response.json(

     

       3775
       3775
       +
       							{ error: "Meeting not found" },

     

       3776
       3776
       +
       							{ status: 404 },

     

       3777
       3777
       +
       						);

     

       3778
       3778
       +
       					}

     

       3779
       3779
       +
       

     

       2793
       3780
        
       					updateMeetingTime(meetingId, label);

     

       2794
       2794
       -
       					return Response.json({ success: true });

     

       3781
       3781
       +
       					return new Response(null, { status: 204 });

     

       2795
       3782
        
       				} catch (error) {

     

       2796
       3783
        
       					return handleError(error);

     

       2797
       3784
        
       				}

     
···

       2801
       3788
        
       					requireAdmin(req);

     

       2802
       3789
        
       					const meetingId = req.params.id;

     

       2803
       3790
        
       

     

       3791
       3791
       +
       					// Verify meeting exists

     

       3792
       3792
       +
       					const existingMeeting = getMeetingById(meetingId);

     

       3793
       3793
       +
       					if (!existingMeeting) {

     

       3794
       3794
       +
       						return Response.json(

     

       3795
       3795
       +
       							{ error: "Meeting not found" },

     

       3796
       3796
       +
       							{ status: 404 },

     

       3797
       3797
       +
       						);

     

       3798
       3798
       +
       					}

     

       3799
       3799
       +
       

     

       2804
       3800
        
       					deleteMeetingTime(meetingId);

     

       2805
       2805
       -
       					return Response.json({ success: true });

     

       3801
       3801
       +
       					return new Response(null, { status: 204 });

     

       2806
       3802
        
       				} catch (error) {

     

       2807
       3803
        
       					return handleError(error);

     

       2808
       3804
        
       				}

     
···

       2814
       3810
        
       					requireAdmin(req);

     

       2815
       3811
        
       					const transcriptId = req.params.id;

     

       2816
       3812
        
       

     

       2817
       2817
       -
       					// Update status to 'selected' and start transcription

     

       2818
       2818
       -
       					db.run("UPDATE transcriptions SET status = ? WHERE id = ?", [

     

       2819
       2819
       -
       						"selected",

     

       2820
       2820
       -
       						transcriptId,

     

       2821
       2821
       -
       					]);

     

       2822
       2822
       -
       

     

       2823
       2823
       -
       					// Get filename to start transcription

     

       3813
       3813
       +
       					// Check if transcription exists and get its current status

     

       2824
       3814
        
       					const transcription = db

     

       2825
       2825
       -
       						.query<{ filename: string }, [string]>(

     

       2826
       2826
       -
       							"SELECT filename FROM transcriptions WHERE id = ?",

     

       3815
       3815
       +
       						.query<{ filename: string; status: string }, [string]>(

     

       3816
       3816
       +
       							"SELECT filename, status FROM transcriptions WHERE id = ?",

     

       2827
       3817
        
       						)

     

       2828
       3818
        
       						.get(transcriptId);

     

       2829
       3819
        
       

     

       2830
       2830
       -
       					if (transcription) {

     

       2831
       2831
       -
       						whisperService.startTranscription(

     

       2832
       2832
       -
       							transcriptId,

     

       2833
       2833
       -
       							transcription.filename,

     

       3820
       3820
       +
       					if (!transcription) {

     

       3821
       3821
       +
       						return Response.json(

     

       3822
       3822
       +
       							{ error: "Transcription not found" },

     

       3823
       3823
       +
       							{ status: 404 },

     

       2834
       3824
        
       						);

     

       2835
       3825
        
       					}

     

       2836
       3826
        
       

     

       2837
       2837
       -
       					return Response.json({ success: true });

     

       3827
       3827
       +
       					// Validate that status is appropriate for selection (e.g., 'uploading' or 'pending')

     

       3828
       3828
       +
       					const validStatuses = ["uploading", "pending", "failed"];

     

       3829
       3829
       +
       					if (!validStatuses.includes(transcription.status)) {

     

       3830
       3830
       +
       						return Response.json(

     

       3831
       3831
       +
       							{

     

       3832
       3832
       +
       								error: `Cannot select transcription with status: ${transcription.status}`,

     

       3833
       3833
       +
       							},

     

       3834
       3834
       +
       							{ status: 400 },

     

       3835
       3835
       +
       						);

     

       3836
       3836
       +
       					}

     

       3837
       3837
       +
       

     

       3838
       3838
       +
       					// Update status to 'selected' and start transcription

     

       3839
       3839
       +
       					db.run("UPDATE transcriptions SET status = ? WHERE id = ?", [

     

       3840
       3840
       +
       						"selected",

     

       3841
       3841
       +
       						transcriptId,

     

       3842
       3842
       +
       					]);

     

       3843
       3843
       +
       

     

       3844
       3844
       +
       					whisperService.startTranscription(

     

       3845
       3845
       +
       						transcriptId,

     

       3846
       3846
       +
       						transcription.filename,

     

       3847
       3847
       +
       					);

     

       3848
       3848
       +
       

     

       3849
       3849
       +
       					return new Response(null, { status: 204 });

     

       2838
       3850
        
       				} catch (error) {

     

       2839
       3851
        
       					return handleError(error);

     

       2840
       3852
        
       				}

     

       2841
       3853
        
       			},

     

       2842
       3854
        
       		},

     

       2843
       3855
        
       	},

     

       2844
       2844
       -
       	development: {

     

       2845
       2845
       -
       		hmr: true,

     

       2846
       2846
       -
       		console: true,

     

       3856
       3856
       +
       	development: process.env.NODE_ENV === "dev",

     

       3857
       3857
       +
       	fetch(req, server) {

     

       3858
       3858
       +
       		const response = server.fetch(req);

     

       3859
       3859
       +
       

     

       3860
       3860
       +
       		// Add security headers to all responses

     

       3861
       3861
       +
       		if (response instanceof Response) {

     

       3862
       3862
       +
       			const headers = new Headers(response.headers);

     

       3863
       3863
       +
       			headers.set("Permissions-Policy", "interest-cohort=()");

     

       3864
       3864
       +
       			headers.set("X-Content-Type-Options", "nosniff");

     

       3865
       3865
       +
       			headers.set("X-Frame-Options", "DENY");

     

       3866
       3866
       +
       			headers.set("Referrer-Policy", "strict-origin-when-cross-origin");

     

       3867
       3867
       +
       

     

       3868
       3868
       +
       			// Set CSP that allows inline styles with unsafe-inline (needed for Lit components)

     

       3869
       3869
       +
       			// and script-src 'self' for bundled scripts

     

       3870
       3870
       +
       			headers.set(

     

       3871
       3871
       +
       				"Content-Security-Policy",

     

       3872
       3872
       +
       				"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://hostedboringavatars.vercel.app; font-src 'self'; connect-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none';",

     

       3873
       3873
       +
       			);

     

       3874
       3874
       +
       

     

       3875
       3875
       +
       			return new Response(response.body, {

     

       3876
       3876
       +
       				status: response.status,

     

       3877
       3877
       +
       				statusText: response.statusText,

     

       3878
       3878
       +
       				headers,

     

       3879
       3879
       +
       			});

     

       3880
       3880
       +
       		}

     

       3881
       3881
       +
       

     

       3882
       3882
       +
       		return response;

     

       2847
       3883
        
       	},

     

       2848
       3884
        
       });

     

       2849
       3885
        
       console.log(`🪻 Thistle running at http://localhost:${server.port}`);

     

       3886
       3886
       +
       

     

       3887
       3887
       +
       // Track active SSE streams for graceful shutdown

     

       3888
       3888
       +
       const activeSSEStreams = new Set<ReadableStreamDefaultController>();

     

       3889
       3889
       +
       

     

       3890
       3890
       +
       // Graceful shutdown handler

     

       3891
       3891
       +
       let isShuttingDown = false;

     

       3892
       3892
       +
       

     

       3893
       3893
       +
       async function shutdown(signal: string) {

     

       3894
       3894
       +
       	if (isShuttingDown) return;

     

       3895
       3895
       +
       	isShuttingDown = true;

     

       3896
       3896
       +
       

     

       3897
       3897
       +
       	console.log(`\n${signal} received, starting graceful shutdown...`);

     

       3898
       3898
       +
       

     

       3899
       3899
       +
       	// 1. Stop accepting new requests

     

       3900
       3900
       +
       	console.log("[Shutdown] Closing server...");

     

       3901
       3901
       +
       	server.stop();

     

       3902
       3902
       +
       

     

       3903
       3903
       +
       	// 2. Close all active SSE streams (safe to kill - sync will handle reconnection)

     

       3904
       3904
       +
       	console.log(

     

       3905
       3905
       +
       		`[Shutdown] Closing ${activeSSEStreams.size} active SSE streams...`,

     

       3906
       3906
       +
       	);

     

       3907
       3907
       +
       	for (const controller of activeSSEStreams) {

     

       3908
       3908
       +
       		try {

     

       3909
       3909
       +
       			controller.close();

     

       3910
       3910
       +
       		} catch {

     

       3911
       3911
       +
       			// Already closed

     

       3912
       3912
       +
       		}

     

       3913
       3913
       +
       	}

     

       3914
       3914
       +
       	activeSSEStreams.clear();

     

       3915
       3915
       +
       

     

       3916
       3916
       +
       	// 3. Stop transcription service (closes streams to Murmur)

     

       3917
       3917
       +
       	whisperService.stop();

     

       3918
       3918
       +
       

     

       3919
       3919
       +
       	// 4. Stop cleanup intervals

     

       3920
       3920
       +
       	console.log("[Shutdown] Stopping cleanup intervals...");

     

       3921
       3921
       +
       	clearInterval(sessionCleanupInterval);

     

       3922
       3922
       +
       	clearInterval(syncInterval);

     

       3923
       3923
       +
       	clearInterval(fileCleanupInterval);

     

       3924
       3924
       +
       

     

       3925
       3925
       +
       	// 5. Close database connections

     

       3926
       3926
       +
       	console.log("[Shutdown] Closing database...");

     

       3927
       3927
       +
       	db.close();

     

       3928
       3928
       +
       

     

       3929
       3929
       +
       	console.log("[Shutdown] Complete");

     

       3930
       3930
       +
       	process.exit(0);

     

       3931
       3931
       +
       }

     

       3932
       3932
       +
       

     

       3933
       3933
       +
       // Register shutdown handlers

     

       3934
       3934
       +
       process.on("SIGTERM", () => shutdown("SIGTERM"));

     

       3935
       3935
       +
       process.on("SIGINT", () => shutdown("SIGINT"));

+136

src/lib/api-response-format.test.ts

···

       1
       1
       +
       import { describe, expect, test } from "bun:test";

     

       2
       2
       +
       

     

       3
       3
       +
       /**

     

       4
       4
       +
        * API Response Format Standards

     

       5
       5
       +
        *

     

       6
       6
       +
        * This test documents the standardized response formats across the API.

     

       7
       7
       +
        * All endpoints should follow these patterns for consistency.

     

       8
       8
       +
        */

     

       9
       9
       +
       

     

       10
       10
       +
       describe("API Response Format Standards", () => {

     

       11
       11
       +
       	test("success responses should include success: true", () => {

     

       12
       12
       +
       		// Success-only responses (no data returned)

     

       13
       13
       +
       		const successOnly = { success: true };

     

       14
       14
       +
       		expect(successOnly).toHaveProperty("success", true);

     

       15
       15
       +
       

     

       16
       16
       +
       		// Success with message

     

       17
       17
       +
       		const successWithMessage = {

     

       18
       18
       +
       			success: true,

     

       19
       19
       +
       			message: "Operation completed successfully",

     

       20
       20
       +
       		};

     

       21
       21
       +
       		expect(successWithMessage).toHaveProperty("success", true);

     

       22
       22
       +
       		expect(successWithMessage).toHaveProperty("message");

     

       23
       23
       +
       

     

       24
       24
       +
       		// Success with data

     

       25
       25
       +
       		const successWithData = {

     

       26
       26
       +
       			success: true,

     

       27
       27
       +
       			data: { id: 1, name: "Test" },

     

       28
       28
       +
       		};

     

       29
       29
       +
       		expect(successWithData).toHaveProperty("success", true);

     

       30
       30
       +
       		expect(successWithData).toHaveProperty("data");

     

       31
       31
       +
       	});

     

       32
       32
       +
       

     

       33
       33
       +
       	test("error responses should use error field", () => {

     

       34
       34
       +
       		const errorResponse = { error: "Something went wrong" };

     

       35
       35
       +
       		expect(errorResponse).toHaveProperty("error");

     

       36
       36
       +
       		expect(typeof errorResponse.error).toBe("string");

     

       37
       37
       +
       	});

     

       38
       38
       +
       

     

       39
       39
       +
       	test("data responses can return data directly", () => {

     

       40
       40
       +
       		// Direct data return (common pattern for GET endpoints)

     

       41
       41
       +
       		const userData = {

     

       42
       42
       +
       			user: { id: 1, email: "test@example.com" },

     

       43
       43
       +
       			has_subscription: true,

     

       44
       44
       +
       		};

     

       45
       45
       +
       		expect(userData).toHaveProperty("user");

     

       46
       46
       +
       

     

       47
       47
       +
       		// List responses

     

       48
       48
       +
       		const listData = {

     

       49
       49
       +
       			jobs: [{ id: "1" }, { id: "2" }],

     

       50
       50
       +
       			pagination: { limit: 50, hasMore: false, nextCursor: null },

     

       51
       51
       +
       		};

     

       52
       52
       +
       		expect(listData).toHaveProperty("jobs");

     

       53
       53
       +
       		expect(listData).toHaveProperty("pagination");

     

       54
       54
       +
       	});

     

       55
       55
       +
       

     

       56
       56
       +
       	test("message-only responses are converted to success+message", () => {

     

       57
       57
       +
       		// OLD (deprecated): { message: "..." }

     

       58
       58
       +
       		// NEW (standard): { success: true, message: "..." }

     

       59
       59
       +
       

     

       60
       60
       +
       		const newFormat = {

     

       61
       61
       +
       			success: true,

     

       62
       62
       +
       			message: "Verification email sent",

     

       63
       63
       +
       		};

     

       64
       64
       +
       

     

       65
       65
       +
       		expect(newFormat).toHaveProperty("success", true);

     

       66
       66
       +
       		expect(newFormat).toHaveProperty("message");

     

       67
       67
       +
       	});

     

       68
       68
       +
       });

     

       69
       69
       +
       

     

       70
       70
       +
       describe("API Response Patterns", () => {

     

       71
       71
       +
       	test("authentication responses", () => {

     

       72
       72
       +
       		// Login success

     

       73
       73
       +
       		const login = {

     

       74
       74
       +
       			user: { id: 1, email: "test@example.com" },

     

       75
       75
       +
       			email_verification_required: false,

     

       76
       76
       +
       		};

     

       77
       77
       +
       		expect(login).toHaveProperty("user");

     

       78
       78
       +
       

     

       79
       79
       +
       		// Logout success

     

       80
       80
       +
       		const logout = { success: true };

     

       81
       81
       +
       		expect(logout.success).toBe(true);

     

       82
       82
       +
       

     

       83
       83
       +
       		// Email verified

     

       84
       84
       +
       		const verified = {

     

       85
       85
       +
       			success: true,

     

       86
       86
       +
       			message: "Email verified successfully",

     

       87
       87
       +
       			email_verified: true,

     

       88
       88
       +
       			user: { id: 1, email: "test@example.com" },

     

       89
       89
       +
       		};

     

       90
       90
       +
       		expect(verified.success).toBe(true);

     

       91
       91
       +
       		expect(verified).toHaveProperty("message");

     

       92
       92
       +
       	});

     

       93
       93
       +
       

     

       94
       94
       +
       	test("CRUD operation responses", () => {

     

       95
       95
       +
       		// Create (returns created object)

     

       96
       96
       +
       		const created = {

     

       97
       97
       +
       			id: "123",

     

       98
       98
       +
       			name: "New Item",

     

       99
       99
       +
       			created_at: Date.now(),

     

       100
       100
       +
       		};

     

       101
       101
       +
       		expect(created).toHaveProperty("id");

     

       102
       102
       +
       

     

       103
       103
       +
       		// Update (returns success)

     

       104
       104
       +
       		const updated = { success: true };

     

       105
       105
       +
       		expect(updated.success).toBe(true);

     

       106
       106
       +
       

     

       107
       107
       +
       		// Delete (returns success)

     

       108
       108
       +
       		const deleted = { success: true };

     

       109
       109
       +
       		expect(deleted.success).toBe(true);

     

       110
       110
       +
       

     

       111
       111
       +
       		// Get (returns data directly)

     

       112
       112
       +
       		const fetched = {

     

       113
       113
       +
       			id: "123",

     

       114
       114
       +
       			name: "Item",

     

       115
       115
       +
       		};

     

       116
       116
       +
       		expect(fetched).toHaveProperty("id");

     

       117
       117
       +
       	});

     

       118
       118
       +
       

     

       119
       119
       +
       	test("paginated list responses", () => {

     

       120
       120
       +
       		const paginatedList = {

     

       121
       121
       +
       			data: [{ id: "1" }, { id: "2" }],

     

       122
       122
       +
       			pagination: {

     

       123
       123
       +
       				limit: 50,

     

       124
       124
       +
       				hasMore: true,

     

       125
       125
       +
       				nextCursor: "MTczMjM5NjgwMHx0cmFucy0xMjM",

     

       126
       126
       +
       			},

     

       127
       127
       +
       		};

     

       128
       128
       +
       

     

       129
       129
       +
       		expect(paginatedList).toHaveProperty("data");

     

       130
       130
       +
       		expect(Array.isArray(paginatedList.data)).toBe(true);

     

       131
       131
       +
       		expect(paginatedList).toHaveProperty("pagination");

     

       132
       132
       +
       		expect(paginatedList.pagination).toHaveProperty("limit");

     

       133
       133
       +
       		expect(paginatedList.pagination).toHaveProperty("hasMore");

     

       134
       134
       +
       		expect(paginatedList.pagination).toHaveProperty("nextCursor");

     

       135
       135
       +
       	});

     

       136
       136
       +
       });

+55

src/lib/audio-metadata.integration.test.ts

···

       1
       1
       +
       import { afterAll, describe, expect, test } from "bun:test";

     

       2
       2
       +
       import { extractAudioCreationDate } from "./audio-metadata";

     

       3
       3
       +
       

     

       4
       4
       +
       describe("extractAudioCreationDate (integration)", () => {

     

       5
       5
       +
       	const testAudioPath = "./test-audio-sample.m4a";

     

       6
       6
       +
       

     

       7
       7
       +
       	// Clean up test file after tests

     

       8
       8
       +
       	afterAll(async () => {

     

       9
       9
       +
       		try {

     

       10
       10
       +
       			await Bun.file(testAudioPath).exists().then(async (exists) => {

     

       11
       11
       +
       				if (exists) {

     

       12
       12
       +
       					await Bun.$`rm ${testAudioPath}`;

     

       13
       13
       +
       				}

     

       14
       14
       +
       			});

     

       15
       15
       +
       		} catch {

     

       16
       16
       +
       			// Ignore cleanup errors

     

       17
       17
       +
       		}

     

       18
       18
       +
       	});

     

       19
       19
       +
       

     

       20
       20
       +
       	test("extracts creation date from audio file with metadata", async () => {

     

       21
       21
       +
       		// Create a test audio file with metadata using ffmpeg

     

       22
       22
       +
       		// 1 second silent audio with creation_time metadata

     

       23
       23
       +
       		const creationTime = "2024-01-15T14:30:00.000000Z";

     

       24
       24
       +
       

     

       25
       25
       +
       		// Create the file with metadata

     

       26
       26
       +
       		await Bun.$`ffmpeg -f lavfi -i anullsrc=r=44100:cl=mono -t 1 -metadata creation_time=${creationTime} -y ${testAudioPath}`.quiet();

     

       27
       27
       +
       

     

       28
       28
       +
       		const date = await extractAudioCreationDate(testAudioPath);

     

       29
       29
       +
       

     

       30
       30
       +
       		expect(date).not.toBeNull();

     

       31
       31
       +
       		expect(date).toBeInstanceOf(Date);

     

       32
       32
       +
       		// JavaScript Date.toISOString() uses 3 decimal places, not 6 like the input

     

       33
       33
       +
       		expect(date?.toISOString()).toBe("2024-01-15T14:30:00.000Z");

     

       34
       34
       +
       	});

     

       35
       35
       +
       

     

       36
       36
       +
       	test("returns null for audio file without creation_time metadata", async () => {

     

       37
       37
       +
       		// Create audio file without metadata

     

       38
       38
       +
       		await Bun.$`ffmpeg -f lavfi -i anullsrc=r=44100:cl=mono -t 1 -y ${testAudioPath}`.quiet();

     

       39
       39
       +
       

     

       40
       40
       +
       		const date = await extractAudioCreationDate(testAudioPath);

     

       41
       41
       +
       

     

       42
       42
       +
       		// Should use file modification time as fallback

     

       43
       43
       +
       		expect(date).not.toBeNull();

     

       44
       44
       +
       		expect(date).toBeInstanceOf(Date);

     

       45
       45
       +
       		// Should be very recent (within last minute)

     

       46
       46
       +
       		const now = new Date();

     

       47
       47
       +
       		const diff = now.getTime() - (date?.getTime() ?? 0);

     

       48
       48
       +
       		expect(diff).toBeLessThan(60000); // Less than 1 minute

     

       49
       49
       +
       	});

     

       50
       50
       +
       

     

       51
       51
       +
       	test("returns null for non-existent file", async () => {

     

       52
       52
       +
       		const date = await extractAudioCreationDate("./non-existent-file.m4a");

     

       53
       53
       +
       		expect(date).toBeNull();

     

       54
       54
       +
       	});

     

       55
       55
       +
       });

+128

src/lib/audio-metadata.test.ts

···

       1
       1
       +
       import { describe, expect, test } from "bun:test";

     

       2
       2
       +
       import {

     

       3
       3
       +
       	findMatchingMeetingTime,

     

       4
       4
       +
       	getDayName,

     

       5
       5
       +
       	getDayOfWeek,

     

       6
       6
       +
       	meetingTimeLabelMatchesDay,

     

       7
       7
       +
       } from "./audio-metadata";

     

       8
       8
       +
       

     

       9
       9
       +
       describe("getDayOfWeek", () => {

     

       10
       10
       +
       	test("returns correct day number", () => {

     

       11
       11
       +
       		// January 1, 2024 is a Monday (day 1)

     

       12
       12
       +
       		const monday = new Date("2024-01-01T12:00:00Z");

     

       13
       13
       +
       		expect(getDayOfWeek(monday)).toBe(1);

     

       14
       14
       +
       

     

       15
       15
       +
       		// January 7, 2024 is a Sunday (day 0)

     

       16
       16
       +
       		const sunday = new Date("2024-01-07T12:00:00Z");

     

       17
       17
       +
       		expect(getDayOfWeek(sunday)).toBe(0);

     

       18
       18
       +
       

     

       19
       19
       +
       		// January 6, 2024 is a Saturday (day 6)

     

       20
       20
       +
       		const saturday = new Date("2024-01-06T12:00:00Z");

     

       21
       21
       +
       		expect(getDayOfWeek(saturday)).toBe(6);

     

       22
       22
       +
       	});

     

       23
       23
       +
       });

     

       24
       24
       +
       

     

       25
       25
       +
       describe("getDayName", () => {

     

       26
       26
       +
       	test("returns correct day name", () => {

     

       27
       27
       +
       		expect(getDayName(new Date("2024-01-01T12:00:00Z"))).toBe("Monday");

     

       28
       28
       +
       		expect(getDayName(new Date("2024-01-02T12:00:00Z"))).toBe("Tuesday");

     

       29
       29
       +
       		expect(getDayName(new Date("2024-01-03T12:00:00Z"))).toBe("Wednesday");

     

       30
       30
       +
       		expect(getDayName(new Date("2024-01-04T12:00:00Z"))).toBe("Thursday");

     

       31
       31
       +
       		expect(getDayName(new Date("2024-01-05T12:00:00Z"))).toBe("Friday");

     

       32
       32
       +
       		expect(getDayName(new Date("2024-01-06T12:00:00Z"))).toBe("Saturday");

     

       33
       33
       +
       		expect(getDayName(new Date("2024-01-07T12:00:00Z"))).toBe("Sunday");

     

       34
       34
       +
       	});

     

       35
       35
       +
       });

     

       36
       36
       +
       

     

       37
       37
       +
       describe("meetingTimeLabelMatchesDay", () => {

     

       38
       38
       +
       	test("matches full day names", () => {

     

       39
       39
       +
       		expect(meetingTimeLabelMatchesDay("Monday Lecture", "Monday")).toBe(true);

     

       40
       40
       +
       		expect(meetingTimeLabelMatchesDay("Tuesday Lab", "Tuesday")).toBe(true);

     

       41
       41
       +
       		expect(meetingTimeLabelMatchesDay("Wednesday Discussion", "Wednesday")).toBe(

     

       42
       42
       +
       			true,

     

       43
       43
       +
       		);

     

       44
       44
       +
       	});

     

       45
       45
       +
       

     

       46
       46
       +
       	test("matches 3-letter abbreviations", () => {

     

       47
       47
       +
       		expect(meetingTimeLabelMatchesDay("Mon Lecture", "Monday")).toBe(true);

     

       48
       48
       +
       		expect(meetingTimeLabelMatchesDay("Tue Lab", "Tuesday")).toBe(true);

     

       49
       49
       +
       		expect(meetingTimeLabelMatchesDay("Wed Discussion", "Wednesday")).toBe(

     

       50
       50
       +
       			true,

     

       51
       51
       +
       		);

     

       52
       52
       +
       		expect(meetingTimeLabelMatchesDay("Thu Seminar", "Thursday")).toBe(true);

     

       53
       53
       +
       		expect(meetingTimeLabelMatchesDay("Fri Workshop", "Friday")).toBe(true);

     

       54
       54
       +
       		expect(meetingTimeLabelMatchesDay("Sat Review", "Saturday")).toBe(true);

     

       55
       55
       +
       		expect(meetingTimeLabelMatchesDay("Sun Study", "Sunday")).toBe(true);

     

       56
       56
       +
       	});

     

       57
       57
       +
       

     

       58
       58
       +
       	test("is case insensitive", () => {

     

       59
       59
       +
       		expect(meetingTimeLabelMatchesDay("MONDAY LECTURE", "Monday")).toBe(true);

     

       60
       60
       +
       		expect(meetingTimeLabelMatchesDay("monday lecture", "Monday")).toBe(true);

     

       61
       61
       +
       		expect(meetingTimeLabelMatchesDay("MoNdAy LeCTuRe", "Monday")).toBe(true);

     

       62
       62
       +
       	});

     

       63
       63
       +
       

     

       64
       64
       +
       	test("does not match wrong days", () => {

     

       65
       65
       +
       		expect(meetingTimeLabelMatchesDay("Monday Lecture", "Tuesday")).toBe(false);

     

       66
       66
       +
       		expect(meetingTimeLabelMatchesDay("Wednesday Lab", "Thursday")).toBe(false);

     

       67
       67
       +
       		expect(meetingTimeLabelMatchesDay("Lecture Hall A", "Monday")).toBe(false);

     

       68
       68
       +
       	});

     

       69
       69
       +
       

     

       70
       70
       +
       	test("handles labels without day names", () => {

     

       71
       71
       +
       		expect(meetingTimeLabelMatchesDay("Lecture", "Monday")).toBe(false);

     

       72
       72
       +
       		expect(meetingTimeLabelMatchesDay("Lab Session", "Tuesday")).toBe(false);

     

       73
       73
       +
       		expect(meetingTimeLabelMatchesDay("Section A", "Wednesday")).toBe(false);

     

       74
       74
       +
       	});

     

       75
       75
       +
       });

     

       76
       76
       +
       

     

       77
       77
       +
       describe("findMatchingMeetingTime", () => {

     

       78
       78
       +
       	const meetingTimes = [

     

       79
       79
       +
       		{ id: "mt1", label: "Monday Lecture" },

     

       80
       80
       +
       		{ id: "mt2", label: "Wednesday Discussion" },

     

       81
       81
       +
       		{ id: "mt3", label: "Friday Lab" },

     

       82
       82
       +
       	];

     

       83
       83
       +
       

     

       84
       84
       +
       	test("finds correct meeting time for full day name", () => {

     

       85
       85
       +
       		const monday = new Date("2024-01-01T12:00:00Z"); // Monday

     

       86
       86
       +
       		expect(findMatchingMeetingTime(monday, meetingTimes)).toBe("mt1");

     

       87
       87
       +
       

     

       88
       88
       +
       		const wednesday = new Date("2024-01-03T12:00:00Z"); // Wednesday

     

       89
       89
       +
       		expect(findMatchingMeetingTime(wednesday, meetingTimes)).toBe("mt2");

     

       90
       90
       +
       

     

       91
       91
       +
       		const friday = new Date("2024-01-05T12:00:00Z"); // Friday

     

       92
       92
       +
       		expect(findMatchingMeetingTime(friday, meetingTimes)).toBe("mt3");

     

       93
       93
       +
       	});

     

       94
       94
       +
       

     

       95
       95
       +
       	test("finds correct meeting time for abbreviated day name", () => {

     

       96
       96
       +
       		const abbrevMeetingTimes = [

     

       97
       97
       +
       			{ id: "mt1", label: "Mon Lecture" },

     

       98
       98
       +
       			{ id: "mt2", label: "Wed Discussion" },

     

       99
       99
       +
       			{ id: "mt3", label: "Fri Lab" },

     

       100
       100
       +
       		];

     

       101
       101
       +
       

     

       102
       102
       +
       		const monday = new Date("2024-01-01T12:00:00Z");

     

       103
       103
       +
       		expect(findMatchingMeetingTime(monday, abbrevMeetingTimes)).toBe("mt1");

     

       104
       104
       +
       	});

     

       105
       105
       +
       

     

       106
       106
       +
       	test("returns null when no match found", () => {

     

       107
       107
       +
       		const tuesday = new Date("2024-01-02T12:00:00Z"); // Tuesday

     

       108
       108
       +
       		expect(findMatchingMeetingTime(tuesday, meetingTimes)).toBe(null);

     

       109
       109
       +
       

     

       110
       110
       +
       		const saturday = new Date("2024-01-06T12:00:00Z"); // Saturday

     

       111
       111
       +
       		expect(findMatchingMeetingTime(saturday, meetingTimes)).toBe(null);

     

       112
       112
       +
       	});

     

       113
       113
       +
       

     

       114
       114
       +
       	test("returns null for empty meeting times", () => {

     

       115
       115
       +
       		const monday = new Date("2024-01-01T12:00:00Z");

     

       116
       116
       +
       		expect(findMatchingMeetingTime(monday, [])).toBe(null);

     

       117
       117
       +
       	});

     

       118
       118
       +
       

     

       119
       119
       +
       	test("returns first match when multiple matches exist", () => {

     

       120
       120
       +
       		const duplicateMeetingTimes = [

     

       121
       121
       +
       			{ id: "mt1", label: "Monday Lecture" },

     

       122
       122
       +
       			{ id: "mt2", label: "Monday Lab" },

     

       123
       123
       +
       		];

     

       124
       124
       +
       

     

       125
       125
       +
       		const monday = new Date("2024-01-01T12:00:00Z");

     

       126
       126
       +
       		expect(findMatchingMeetingTime(monday, duplicateMeetingTimes)).toBe("mt1");

     

       127
       127
       +
       	});

     

       128
       128
       +
       });

+144

src/lib/audio-metadata.ts

···

       1
       1
       +
       import { $ } from "bun";

     

       2
       2
       +
       

     

       3
       3
       +
       /**

     

       4
       4
       +
        * Extracts creation date from audio file metadata using ffprobe

     

       5
       5
       +
        * Falls back to file birth time (original creation) if no metadata found

     

       6
       6
       +
        * @param filePath Path to audio file

     

       7
       7
       +
        * @returns Date object or null if not found

     

       8
       8
       +
        */

     

       9
       9
       +
       export async function extractAudioCreationDate(

     

       10
       10
       +
       	filePath: string,

     

       11
       11
       +
       ): Promise<Date | null> {

     

       12
       12
       +
       	try {

     

       13
       13
       +
       		// Use ffprobe to extract creation_time metadata

     

       14
       14
       +
       		// -v quiet: suppress verbose output

     

       15
       15
       +
       		// -print_format json: output as JSON

     

       16
       16
       +
       		// -show_entries format_tags: show all tags to search for date fields

     

       17
       17
       +
       		const result =

     

       18
       18
       +
       			await $`ffprobe -v quiet -print_format json -show_entries format_tags ${filePath}`.text();

     

       19
       19
       +
       

     

       20
       20
       +
       		const metadata = JSON.parse(result);

     

       21
       21
       +
       		const tags = metadata?.format?.tags || {};

     

       22
       22
       +
       

     

       23
       23
       +
       		// Try multiple metadata fields that might contain creation date

     

       24
       24
       +
       		const dateFields = [

     

       25
       25
       +
       			tags.creation_time, // Standard creation_time

     

       26
       26
       +
       			tags.date, // Common date field

     

       27
       27
       +
       			tags.DATE, // Uppercase variant

     

       28
       28
       +
       			tags.year, // Year field

     

       29
       29
       +
       			tags.YEAR, // Uppercase variant

     

       30
       30
       +
       			tags["com.apple.quicktime.creationdate"], // Apple QuickTime

     

       31
       31
       +
       			tags.TDRC, // ID3v2 recording time

     

       32
       32
       +
       			tags.TDRL, // ID3v2 release time

     

       33
       33
       +
       		];

     

       34
       34
       +
       

     

       35
       35
       +
       		for (const dateField of dateFields) {

     

       36
       36
       +
       			if (dateField) {

     

       37
       37
       +
       				const date = new Date(dateField);

     

       38
       38
       +
       				if (!Number.isNaN(date.getTime())) {

     

       39
       39
       +
       					console.log(

     

       40
       40
       +
       						`[AudioMetadata] Extracted creation date from metadata: ${date.toISOString()} from ${filePath}`,

     

       41
       41
       +
       					);

     

       42
       42
       +
       					return date;

     

       43
       43
       +
       				}

     

       44
       44
       +
       			}

     

       45
       45
       +
       		}

     

       46
       46
       +
       

     

       47
       47
       +
       		// Fallback: use file birth time (original creation time on filesystem)

     

       48
       48
       +
       		// This preserves the original file creation date better than mtime

     

       49
       49
       +
       		console.log(

     

       50
       50
       +
       			`[AudioMetadata] No creation_time metadata found, using file birth time`,

     

       51
       51
       +
       		);

     

       52
       52
       +
       		const file = Bun.file(filePath);

     

       53
       53
       +
       		const stat = await file.stat();

     

       54
       54
       +
       		const date = new Date(stat.birthtime || stat.mtime);

     

       55
       55
       +
       		console.log(

     

       56
       56
       +
       			`[AudioMetadata] Using file birth time: ${date.toISOString()} from ${filePath}`,

     

       57
       57
       +
       		);

     

       58
       58
       +
       		return date;

     

       59
       59
       +
       	} catch (error) {

     

       60
       60
       +
       		console.error(

     

       61
       61
       +
       			`[AudioMetadata] Failed to extract metadata from ${filePath}:`,

     

       62
       62
       +
       			error instanceof Error ? error.message : "Unknown error",

     

       63
       63
       +
       		);

     

       64
       64
       +
       		return null;

     

       65
       65
       +
       	}

     

       66
       66
       +
       }

     

       67
       67
       +
       

     

       68
       68
       +
       /**

     

       69
       69
       +
        * Gets day of week from a date (0 = Sunday, 6 = Saturday)

     

       70
       70
       +
        */

     

       71
       71
       +
       export function getDayOfWeek(date: Date): number {

     

       72
       72
       +
       	return date.getDay();

     

       73
       73
       +
       }

     

       74
       74
       +
       

     

       75
       75
       +
       /**

     

       76
       76
       +
        * Gets day name from a date

     

       77
       77
       +
        */

     

       78
       78
       +
       export function getDayName(date: Date): string {

     

       79
       79
       +
       	const days = [

     

       80
       80
       +
       		"Sunday",

     

       81
       81
       +
       		"Monday",

     

       82
       82
       +
       		"Tuesday",

     

       83
       83
       +
       		"Wednesday",

     

       84
       84
       +
       		"Thursday",

     

       85
       85
       +
       		"Friday",

     

       86
       86
       +
       		"Saturday",

     

       87
       87
       +
       	];

     

       88
       88
       +
       	return days[date.getDay()] || "Unknown";

     

       89
       89
       +
       }

     

       90
       90
       +
       

     

       91
       91
       +
       /**

     

       92
       92
       +
        * Checks if a meeting time label matches a specific day

     

       93
       93
       +
        * Labels like "Monday Lecture", "Tuesday Lab", "Wed Discussion" should match

     

       94
       94
       +
        */

     

       95
       95
       +
       export function meetingTimeLabelMatchesDay(

     

       96
       96
       +
       	label: string,

     

       97
       97
       +
       	dayName: string,

     

       98
       98
       +
       ): boolean {

     

       99
       99
       +
       	const lowerLabel = label.toLowerCase();

     

       100
       100
       +
       	const lowerDay = dayName.toLowerCase();

     

       101
       101
       +
       

     

       102
       102
       +
       	// Check for full day name

     

       103
       103
       +
       	if (lowerLabel.includes(lowerDay)) {

     

       104
       104
       +
       		return true;

     

       105
       105
       +
       	}

     

       106
       106
       +
       

     

       107
       107
       +
       	// Check for 3-letter abbreviations

     

       108
       108
       +
       	const abbrev = dayName.slice(0, 3).toLowerCase();

     

       109
       109
       +
       	if (lowerLabel.includes(abbrev)) {

     

       110
       110
       +
       		return true;

     

       111
       111
       +
       	}

     

       112
       112
       +
       

     

       113
       113
       +
       	return false;

     

       114
       114
       +
       }

     

       115
       115
       +
       

     

       116
       116
       +
       /**

     

       117
       117
       +
        * Finds the best matching meeting time for a given date

     

       118
       118
       +
        * @param date Date from audio metadata

     

       119
       119
       +
        * @param meetingTimes Available meeting times for the class

     

       120
       120
       +
        * @returns Meeting time ID or null if no match

     

       121
       121
       +
        */

     

       122
       122
       +
       export function findMatchingMeetingTime(

     

       123
       123
       +
       	date: Date,

     

       124
       124
       +
       	meetingTimes: Array<{ id: string; label: string }>,

     

       125
       125
       +
       ): string | null {

     

       126
       126
       +
       	const dayName = getDayName(date);

     

       127
       127
       +
       

     

       128
       128
       +
       	// Find meeting time that matches the day

     

       129
       129
       +
       	const match = meetingTimes.find((mt) =>

     

       130
       130
       +
       		meetingTimeLabelMatchesDay(mt.label, dayName),

     

       131
       131
       +
       	);

     

       132
       132
       +
       

     

       133
       133
       +
       	if (match) {

     

       134
       134
       +
       		console.log(

     

       135
       135
       +
       			`[AudioMetadata] Matched ${dayName} to meeting time: ${match.label}`,

     

       136
       136
       +
       		);

     

       137
       137
       +
       		return match.id;

     

       138
       138
       +
       	}

     

       139
       139
       +
       

     

       140
       140
       +
       	console.log(

     

       141
       141
       +
       		`[AudioMetadata] No meeting time found matching ${dayName} in available options: ${meetingTimes.map((mt) => mt.label).join(", ")}`,

     

       142
       142
       +
       	);

     

       143
       143
       +
       	return null;

     

       144
       144
       +
       }

+34

src/lib/auth.test.ts

···

       130
       130
        
       	};

     

       131
       131
        
       	expect(typeof result.count).toBe("number");

     

       132
       132
        
       });

     

       133
       133
       +
       

     

       134
       134
       +
       test("enforces maximum session limit per user", () => {

     

       135
       135
       +
       	const userId = 999;

     

       136
       136
       +
       

     

       137
       137
       +
       	// Clean up any existing sessions for this user

     

       138
       138
       +
       	db.run("DELETE FROM sessions WHERE user_id = ?", [userId]);

     

       139
       139
       +
       

     

       140
       140
       +
       	// Create 11 sessions (limit is 10)

     

       141
       141
       +
       	const sessionIds: string[] = [];

     

       142
       142
       +
       	for (let i = 0; i < 11; i++) {

     

       143
       143
       +
       		const sessionId = createSession(userId, `192.168.1.${i}`, `Agent ${i}`);

     

       144
       144
       +
       		sessionIds.push(sessionId);

     

       145
       145
       +
       	}

     

       146
       146
       +
       

     

       147
       147
       +
       	// Count total sessions for user

     

       148
       148
       +
       	const sessionCount = db

     

       149
       149
       +
       		.query<{ count: number }, [number]>(

     

       150
       150
       +
       			"SELECT COUNT(*) as count FROM sessions WHERE user_id = ?",

     

       151
       151
       +
       		)

     

       152
       152
       +
       		.get(userId);

     

       153
       153
       +
       

     

       154
       154
       +
       	expect(sessionCount?.count).toBe(10);

     

       155
       155
       +
       

     

       156
       156
       +
       	// First session should be deleted (oldest)

     

       157
       157
       +
       	const firstSession = getSession(sessionIds[0]);

     

       158
       158
       +
       	expect(firstSession).toBeNull();

     

       159
       159
       +
       

     

       160
       160
       +
       	// Last session should exist (newest)

     

       161
       161
       +
       	const lastSession = getSession(sessionIds[10]);

     

       162
       162
       +
       	expect(lastSession).not.toBeNull();

     

       163
       163
       +
       

     

       164
       164
       +
       	// Cleanup

     

       165
       165
       +
       	db.run("DELETE FROM sessions WHERE user_id = ?", [userId]);

     

       166
       166
       +
       });

+291 -81

src/lib/auth.ts

···

       1
       1
        
       import db from "../db/schema";

     

       2
       2
        
       

     

       3
       3
        
       const SESSION_DURATION = 7 * 24 * 60 * 60; // 7 days in seconds

     

       4
       4
       +
       const MAX_SESSIONS_PER_USER = 10; // Maximum number of sessions per user

     

       4
       5
        
       

     

       5
       6
        
       export type UserRole = "user" | "admin";

     

       6
       7
        
       

     
···

       30
       31
        
       ): string {

     

       31
       32
        
       	const sessionId = crypto.randomUUID();

     

       32
       33
        
       	const expiresAt = Math.floor(Date.now() / 1000) + SESSION_DURATION;

     

       34
       34
       +
       

     

       35
       35
       +
       	// Check current session count for user

     

       36
       36
       +
       	const sessionCount = db

     

       37
       37
       +
       		.query<{ count: number }, [number]>(

     

       38
       38
       +
       			"SELECT COUNT(*) as count FROM sessions WHERE user_id = ?",

     

       39
       39
       +
       		)

     

       40
       40
       +
       		.get(userId);

     

       41
       41
       +
       

     

       42
       42
       +
       	// If at or over limit, delete oldest session(s)

     

       43
       43
       +
       	if (sessionCount && sessionCount.count >= MAX_SESSIONS_PER_USER) {

     

       44
       44
       +
       		const sessionsToDelete = sessionCount.count - MAX_SESSIONS_PER_USER + 1;

     

       45
       45
       +
       		db.run(

     

       46
       46
       +
       			`DELETE FROM sessions WHERE id IN (

     

       47
       47
       +
       				SELECT id FROM sessions 

     

       48
       48
       +
       				WHERE user_id = ? 

     

       49
       49
       +
       				ORDER BY created_at ASC 

     

       50
       50
       +
       				LIMIT ?

     

       51
       51
       +
       			)`,

     

       52
       52
       +
       			[userId, sessionsToDelete],

     

       53
       53
       +
       		);

     

       54
       54
       +
       	}

     

       33
       55
        
       

     

       34
       56
        
       	db.run(

     

       35
       57
        
       		"INSERT INTO sessions (id, user_id, ip_address, user_agent, expires_at) VALUES (?, ?, ?, ?, ?)",

     
···

       190
       212
        
       

     

       191
       213
        
       	// Get user's subscription if they have one

     

       192
       214
        
       	const subscription = db

     

       193
       193
       -
       		.query<{ id: string; status: string; cancel_at_period_end: number }, [number]>(

     

       215
       215
       +
       		.query<

     

       216
       216
       +
       			{ id: string; status: string; cancel_at_period_end: number },

     

       217
       217
       +
       			[number]

     

       218
       218
       +
       		>(

     

       194
       219
        
       			"SELECT id, status, cancel_at_period_end FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1",

     

       195
       220
        
       		)

     

       196
       221
        
       		.get(userId);

     

       197
       222
        
       

     

       198
       223
        
       	// Cancel subscription if it exists and is not already canceled or scheduled to cancel

     

       199
       224
        
       	if (

     

       200
       200
       -
       		subscription && 

     

       201
       201
       -
       		subscription.status !== 'canceled' && 

     

       202
       202
       -
       		subscription.status !== 'expired' &&

     

       225
       225
       +
       		subscription &&

     

       226
       226
       +
       		subscription.status !== "canceled" &&

     

       227
       227
       +
       		subscription.status !== "expired" &&

     

       203
       228
        
       		!subscription.cancel_at_period_end

     

       204
       229
        
       	) {

     

       205
       230
        
       		try {

     
···

       230
       255
        
       		"UPDATE transcriptions SET user_id = 0 WHERE user_id = ? AND class_id IS NOT NULL",

     

       231
       256
        
       		[userId],

     

       232
       257
        
       	);

     

       233
       233
       -
       	db.run(

     

       234
       234
       -
       		"DELETE FROM transcriptions WHERE user_id = ? AND class_id IS NULL",

     

       235
       235
       -
       		[userId],

     

       236
       236
       -
       	);

     

       258
       258
       +
       	db.run("DELETE FROM transcriptions WHERE user_id = ? AND class_id IS NULL", [

     

       259
       259
       +
       		userId,

     

       260
       260
       +
       	]);

     

       237
       261
        
       

     

       238
       262
        
       	// Delete user (CASCADE will handle sessions, passkeys, subscriptions, class_members)

     

       239
       263
        
       	db.run("DELETE FROM users WHERE id = ?", [userId]);

     
···

       266
       290
        
        * Email verification functions

     

       267
       291
        
        */

     

       268
       292
        
       

     

       269
       269
       -
       export function createEmailVerificationToken(userId: number): { code: string; token: string; sentAt: number } {

     

       293
       293
       +
       export function createEmailVerificationToken(userId: number): {

     

       294
       294
       +
       	code: string;

     

       295
       295
       +
       	token: string;

     

       296
       296
       +
       	sentAt: number;

     

       297
       297
       +
       } {

     

       270
       298
        
       	// Generate a 6-digit code for user to enter

     

       271
       299
        
       	const code = Math.floor(100000 + Math.random() * 900000).toString();

     

       272
       300
        
       	const id = crypto.randomUUID();

     
···

       282
       310
        
       		"INSERT INTO email_verification_tokens (id, user_id, token, expires_at) VALUES (?, ?, ?, ?)",

     

       283
       311
        
       		[id, userId, code, expiresAt],

     

       284
       312
        
       	);

     

       285
       285
       -
       	

     

       313
       313
       +
       

     

       286
       314
        
       	// Store the URL token as a separate entry

     

       287
       315
        
       	db.run(

     

       288
       316
        
       		"INSERT INTO email_verification_tokens (id, user_id, token, expires_at) VALUES (?, ?, ?, ?)",

     
···

       298
       326
        
       	const now = Math.floor(Date.now() / 1000);

     

       299
       327
        
       

     

       300
       328
        
       	const result = db

     

       301
       301
       -
       		.query<

     

       302
       302
       -
       			{ user_id: number; email: string },

     

       303
       303
       -
       			[string, number]

     

       304
       304
       -
       		>(

     

       329
       329
       +
       		.query<{ user_id: number; email: string }, [string, number]>(

     

       305
       330
        
       			`SELECT evt.user_id, u.email 

     

       306
       331
        
              FROM email_verification_tokens evt

     

       307
       332
        
              JOIN users u ON evt.user_id = u.id

     
···

       320
       345
        
       	return { userId: result.user_id, email: result.email };

     

       321
       346
        
       }

     

       322
       347
        
       

     

       323
       323
       -
       export function verifyEmailCode(

     

       324
       324
       -
       	userId: number,

     

       325
       325
       -
       	code: string,

     

       326
       326
       -
       ): boolean {

     

       348
       348
       +
       export function verifyEmailCode(userId: number, code: string): boolean {

     

       327
       349
        
       	const now = Math.floor(Date.now() / 1000);

     

       328
       350
        
       

     

       329
       351
        
       	const result = db

     

       330
       330
       -
       		.query<

     

       331
       331
       -
       			{ user_id: number },

     

       332
       332
       -
       			[number, string, number]

     

       333
       333
       -
       		>(

     

       352
       352
       +
       		.query<{ user_id: number }, [number, string, number]>(

     

       334
       353
        
       			`SELECT user_id 

     

       335
       354
        
              FROM email_verification_tokens

     

       336
       355
        
              WHERE user_id = ? AND token = ? AND expires_at > ?`,

     
···

       404
       423
        
       	db.run("DELETE FROM password_reset_tokens WHERE token = ?", [token]);

     

       405
       424
        
       }

     

       406
       425
        
       

     

       426
       426
       +
       /**

     

       427
       427
       +
        * Email change functions

     

       428
       428
       +
        */

     

       429
       429
       +
       

     

       430
       430
       +
       export function createEmailChangeToken(

     

       431
       431
       +
       	userId: number,

     

       432
       432
       +
       	newEmail: string,

     

       433
       433
       +
       ): string {

     

       434
       434
       +
       	const token = crypto.randomUUID();

     

       435
       435
       +
       	const id = crypto.randomUUID();

     

       436
       436
       +
       	const expiresAt = Math.floor(Date.now() / 1000) + 24 * 60 * 60; // 24 hours

     

       437
       437
       +
       

     

       438
       438
       +
       	// Delete any existing email change tokens for this user

     

       439
       439
       +
       	db.run("DELETE FROM email_change_tokens WHERE user_id = ?", [userId]);

     

       440
       440
       +
       

     

       441
       441
       +
       	db.run(

     

       442
       442
       +
       		"INSERT INTO email_change_tokens (id, user_id, new_email, token, expires_at) VALUES (?, ?, ?, ?, ?)",

     

       443
       443
       +
       		[id, userId, newEmail, token, expiresAt],

     

       444
       444
       +
       	);

     

       445
       445
       +
       

     

       446
       446
       +
       	return token;

     

       447
       447
       +
       }

     

       448
       448
       +
       

     

       449
       449
       +
       export function verifyEmailChangeToken(

     

       450
       450
       +
       	token: string,

     

       451
       451
       +
       ): { userId: number; newEmail: string } | null {

     

       452
       452
       +
       	const now = Math.floor(Date.now() / 1000);

     

       453
       453
       +
       

     

       454
       454
       +
       	const result = db

     

       455
       455
       +
       		.query<{ user_id: number; new_email: string }, [string, number]>(

     

       456
       456
       +
       			"SELECT user_id, new_email FROM email_change_tokens WHERE token = ? AND expires_at > ?",

     

       457
       457
       +
       		)

     

       458
       458
       +
       		.get(token, now);

     

       459
       459
       +
       

     

       460
       460
       +
       	if (!result) return null;

     

       461
       461
       +
       

     

       462
       462
       +
       	return { userId: result.user_id, newEmail: result.new_email };

     

       463
       463
       +
       }

     

       464
       464
       +
       

     

       465
       465
       +
       export function consumeEmailChangeToken(token: string): void {

     

       466
       466
       +
       	db.run("DELETE FROM email_change_tokens WHERE token = ?", [token]);

     

       467
       467
       +
       }

     

       468
       468
       +
       

     

       407
       469
        
       export function isUserAdmin(userId: number): boolean {

     

       408
       470
        
       	const result = db

     

       409
       471
        
       		.query<{ role: UserRole }, [number]>("SELECT role FROM users WHERE id = ?")

     
···

       442
       504
        
       		.all();

     

       443
       505
        
       }

     

       444
       506
        
       

     

       445
       445
       -
       export function getAllTranscriptions(): Array<{

     

       446
       446
       -
       	id: string;

     

       447
       447
       -
       	user_id: number;

     

       448
       448
       -
       	user_email: string;

     

       449
       449
       -
       	user_name: string | null;

     

       450
       450
       -
       	original_filename: string;

     

       451
       451
       -
       	status: string;

     

       452
       452
       -
       	created_at: number;

     

       453
       453
       -
       	error_message: string | null;

     

       454
       454
       -
       }> {

     

       455
       455
       -
       	return db

     

       456
       456
       -
       		.query<

     

       457
       457
       -
       			{

     

       458
       458
       -
       				id: string;

     

       459
       459
       -
       				user_id: number;

     

       460
       460
       -
       				user_email: string;

     

       461
       461
       -
       				user_name: string | null;

     

       462
       462
       -
       				original_filename: string;

     

       463
       463
       -
       				status: string;

     

       464
       464
       -
       				created_at: number;

     

       465
       465
       -
       				error_message: string | null;

     

       466
       466
       -
       			},

     

       467
       467
       -
       			[]

     

       468
       468
       -
       		>(

     

       469
       469
       -
       			`SELECT 

     

       470
       470
       -
               t.id, 

     

       471
       471
       -
               t.user_id, 

     

       472
       472
       -
               u.email as user_email, 

     

       473
       473
       -
               u.name as user_name, 

     

       474
       474
       -
               t.original_filename, 

     

       475
       475
       -
               t.status, 

     

       476
       476
       -
               t.created_at,

     

       477
       477
       -
               t.error_message

     

       478
       478
       -
             FROM transcriptions t

     

       479
       479
       -
             LEFT JOIN users u ON t.user_id = u.id

     

       480
       480
       -
             ORDER BY t.created_at DESC`,

     

       481
       481
       -
       		)

     

       482
       482
       -
       		.all();

     

       507
       507
       +
       export function getAllTranscriptions(

     

       508
       508
       +
       	limit = 50,

     

       509
       509
       +
       	cursor?: string,

     

       510
       510
       +
       ): {

     

       511
       511
       +
       	data: Array<{

     

       512
       512
       +
       		id: string;

     

       513
       513
       +
       		user_id: number;

     

       514
       514
       +
       		user_email: string;

     

       515
       515
       +
       		user_name: string | null;

     

       516
       516
       +
       		original_filename: string;

     

       517
       517
       +
       		status: string;

     

       518
       518
       +
       		created_at: number;

     

       519
       519
       +
       		error_message: string | null;

     

       520
       520
       +
       	}>;

     

       521
       521
       +
       	pagination: {

     

       522
       522
       +
       		limit: number;

     

       523
       523
       +
       		hasMore: boolean;

     

       524
       524
       +
       		nextCursor: string | null;

     

       525
       525
       +
       	};

     

       526
       526
       +
       } {

     

       527
       527
       +
       	type TranscriptionRow = {

     

       528
       528
       +
       		id: string;

     

       529
       529
       +
       		user_id: number;

     

       530
       530
       +
       		user_email: string;

     

       531
       531
       +
       		user_name: string | null;

     

       532
       532
       +
       		original_filename: string;

     

       533
       533
       +
       		status: string;

     

       534
       534
       +
       		created_at: number;

     

       535
       535
       +
       		error_message: string | null;

     

       536
       536
       +
       	};

     

       537
       537
       +
       

     

       538
       538
       +
       	let transcriptions: TranscriptionRow[];

     

       539
       539
       +
       

     

       540
       540
       +
       	if (cursor) {

     

       541
       541
       +
       		const { decodeCursor } = require("./cursor");

     

       542
       542
       +
       		const parts = decodeCursor(cursor);

     

       543
       543
       +
       

     

       544
       544
       +
       		if (parts.length !== 2) {

     

       545
       545
       +
       			throw new Error("Invalid cursor format");

     

       546
       546
       +
       		}

     

       547
       547
       +
       

     

       548
       548
       +
       		const cursorTime = Number.parseInt(parts[0] || "", 10);

     

       549
       549
       +
       		const id = parts[1] || "";

     

       550
       550
       +
       

     

       551
       551
       +
       		if (Number.isNaN(cursorTime) || !id) {

     

       552
       552
       +
       			throw new Error("Invalid cursor format");

     

       553
       553
       +
       		}

     

       554
       554
       +
       

     

       555
       555
       +
       		transcriptions = db

     

       556
       556
       +
       			.query<TranscriptionRow, [number, number, string, number]>(

     

       557
       557
       +
       				`SELECT 

     

       558
       558
       +
       					t.id, 

     

       559
       559
       +
       					t.user_id, 

     

       560
       560
       +
       					u.email as user_email, 

     

       561
       561
       +
       					u.name as user_name, 

     

       562
       562
       +
       					t.original_filename, 

     

       563
       563
       +
       					t.status, 

     

       564
       564
       +
       					t.created_at,

     

       565
       565
       +
       					t.error_message

     

       566
       566
       +
       				FROM transcriptions t

     

       567
       567
       +
       				LEFT JOIN users u ON t.user_id = u.id

     

       568
       568
       +
       				WHERE t.created_at < ? OR (t.created_at = ? AND t.id < ?)

     

       569
       569
       +
       				ORDER BY t.created_at DESC, t.id DESC

     

       570
       570
       +
       				LIMIT ?`,

     

       571
       571
       +
       			)

     

       572
       572
       +
       			.all(cursorTime, cursorTime, id, limit + 1);

     

       573
       573
       +
       	} else {

     

       574
       574
       +
       		transcriptions = db

     

       575
       575
       +
       			.query<TranscriptionRow, [number]>(

     

       576
       576
       +
       				`SELECT 

     

       577
       577
       +
       					t.id, 

     

       578
       578
       +
       					t.user_id, 

     

       579
       579
       +
       					u.email as user_email, 

     

       580
       580
       +
       					u.name as user_name, 

     

       581
       581
       +
       					t.original_filename, 

     

       582
       582
       +
       					t.status, 

     

       583
       583
       +
       					t.created_at,

     

       584
       584
       +
       					t.error_message

     

       585
       585
       +
       				FROM transcriptions t

     

       586
       586
       +
       				LEFT JOIN users u ON t.user_id = u.id

     

       587
       587
       +
       				ORDER BY t.created_at DESC, t.id DESC

     

       588
       588
       +
       				LIMIT ?`,

     

       589
       589
       +
       			)

     

       590
       590
       +
       			.all(limit + 1);

     

       591
       591
       +
       	}

     

       592
       592
       +
       

     

       593
       593
       +
       	const hasMore = transcriptions.length > limit;

     

       594
       594
       +
       	if (hasMore) {

     

       595
       595
       +
       		transcriptions.pop();

     

       596
       596
       +
       	}

     

       597
       597
       +
       

     

       598
       598
       +
       	let nextCursor: string | null = null;

     

       599
       599
       +
       	if (hasMore && transcriptions.length > 0) {

     

       600
       600
       +
       		const { encodeCursor } = require("./cursor");

     

       601
       601
       +
       		const last = transcriptions[transcriptions.length - 1];

     

       602
       602
       +
       		if (last) {

     

       603
       603
       +
       			nextCursor = encodeCursor([last.created_at.toString(), last.id]);

     

       604
       604
       +
       		}

     

       605
       605
       +
       	}

     

       606
       606
       +
       

     

       607
       607
       +
       	return {

     

       608
       608
       +
       		data: transcriptions,

     

       609
       609
       +
       		pagination: {

     

       610
       610
       +
       			limit,

     

       611
       611
       +
       			hasMore,

     

       612
       612
       +
       			nextCursor,

     

       613
       613
       +
       		},

     

       614
       614
       +
       	};

     

       483
       615
        
       }

     

       484
       616
        
       

     

       485
       617
        
       export function deleteTranscription(transcriptionId: string): void {

     
···

       565
       697
        
       	subscription_id: string | null;

     

       566
       698
        
       }

     

       567
       699
        
       

     

       568
       568
       -
       export function getAllUsersWithStats(): UserWithStats[] {

     

       569
       569
       -
       	return db

     

       570
       570
       -
       		.query<UserWithStats, []>(

     

       571
       571
       -
       			`SELECT 

     

       572
       572
       -
               u.id, 

     

       573
       573
       -
               u.email, 

     

       574
       574
       -
               u.name, 

     

       575
       575
       -
               u.avatar, 

     

       576
       576
       -
               u.created_at, 

     

       577
       577
       -
               u.role,

     

       578
       578
       -
               u.last_login,

     

       579
       579
       -
               COUNT(DISTINCT t.id) as transcription_count,

     

       580
       580
       -
               s.status as subscription_status,

     

       581
       581
       -
               s.id as subscription_id

     

       582
       582
       -
             FROM users u

     

       583
       583
       -
             LEFT JOIN transcriptions t ON u.id = t.user_id

     

       584
       584
       -
             LEFT JOIN subscriptions s ON u.id = s.user_id AND s.status IN ('active', 'trialing', 'past_due')

     

       585
       585
       -
             GROUP BY u.id

     

       586
       586
       -
             ORDER BY u.created_at DESC`,

     

       587
       587
       -
       		)

     

       588
       588
       -
       		.all();

     

       700
       700
       +
       export function getAllUsersWithStats(

     

       701
       701
       +
       	limit = 50,

     

       702
       702
       +
       	cursor?: string,

     

       703
       703
       +
       ): {

     

       704
       704
       +
       	data: UserWithStats[];

     

       705
       705
       +
       	pagination: {

     

       706
       706
       +
       		limit: number;

     

       707
       707
       +
       		hasMore: boolean;

     

       708
       708
       +
       		nextCursor: string | null;

     

       709
       709
       +
       	};

     

       710
       710
       +
       } {

     

       711
       711
       +
       	let users: UserWithStats[];

     

       712
       712
       +
       

     

       713
       713
       +
       	if (cursor) {

     

       714
       714
       +
       		const { decodeCursor } = require("./cursor");

     

       715
       715
       +
       		const parts = decodeCursor(cursor);

     

       716
       716
       +
       

     

       717
       717
       +
       		if (parts.length !== 2) {

     

       718
       718
       +
       			throw new Error("Invalid cursor format");

     

       719
       719
       +
       		}

     

       720
       720
       +
       

     

       721
       721
       +
       		const cursorTime = Number.parseInt(parts[0] || "", 10);

     

       722
       722
       +
       		const cursorId = Number.parseInt(parts[1] || "", 10);

     

       723
       723
       +
       

     

       724
       724
       +
       		if (Number.isNaN(cursorTime) || Number.isNaN(cursorId)) {

     

       725
       725
       +
       			throw new Error("Invalid cursor format");

     

       726
       726
       +
       		}

     

       727
       727
       +
       

     

       728
       728
       +
       		users = db

     

       729
       729
       +
       			.query<UserWithStats, [number, number, number, number]>(

     

       730
       730
       +
       				`SELECT 

     

       731
       731
       +
       					u.id, 

     

       732
       732
       +
       					u.email, 

     

       733
       733
       +
       					u.name, 

     

       734
       734
       +
       					u.avatar, 

     

       735
       735
       +
       					u.created_at, 

     

       736
       736
       +
       					u.role,

     

       737
       737
       +
       					u.last_login,

     

       738
       738
       +
       					COUNT(DISTINCT t.id) as transcription_count,

     

       739
       739
       +
       					s.status as subscription_status,

     

       740
       740
       +
       					s.id as subscription_id

     

       741
       741
       +
       				FROM users u

     

       742
       742
       +
       				LEFT JOIN transcriptions t ON u.id = t.user_id

     

       743
       743
       +
       				LEFT JOIN subscriptions s ON u.id = s.user_id AND s.status IN ('active', 'trialing', 'past_due')

     

       744
       744
       +
       				WHERE u.created_at < ? OR (u.created_at = ? AND u.id < ?)

     

       745
       745
       +
       				GROUP BY u.id

     

       746
       746
       +
       				ORDER BY u.created_at DESC, u.id DESC

     

       747
       747
       +
       				LIMIT ?`,

     

       748
       748
       +
       			)

     

       749
       749
       +
       			.all(cursorTime, cursorTime, cursorId, limit + 1);

     

       750
       750
       +
       	} else {

     

       751
       751
       +
       		users = db

     

       752
       752
       +
       			.query<UserWithStats, [number]>(

     

       753
       753
       +
       				`SELECT 

     

       754
       754
       +
       					u.id, 

     

       755
       755
       +
       					u.email, 

     

       756
       756
       +
       					u.name, 

     

       757
       757
       +
       					u.avatar, 

     

       758
       758
       +
       					u.created_at, 

     

       759
       759
       +
       					u.role,

     

       760
       760
       +
       					u.last_login,

     

       761
       761
       +
       					COUNT(DISTINCT t.id) as transcription_count,

     

       762
       762
       +
       					s.status as subscription_status,

     

       763
       763
       +
       					s.id as subscription_id

     

       764
       764
       +
       				FROM users u

     

       765
       765
       +
       				LEFT JOIN transcriptions t ON u.id = t.user_id

     

       766
       766
       +
       				LEFT JOIN subscriptions s ON u.id = s.user_id AND s.status IN ('active', 'trialing', 'past_due')

     

       767
       767
       +
       				GROUP BY u.id

     

       768
       768
       +
       				ORDER BY u.created_at DESC, u.id DESC

     

       769
       769
       +
       				LIMIT ?`,

     

       770
       770
       +
       			)

     

       771
       771
       +
       			.all(limit + 1);

     

       772
       772
       +
       	}

     

       773
       773
       +
       

     

       774
       774
       +
       	const hasMore = users.length > limit;

     

       775
       775
       +
       	if (hasMore) {

     

       776
       776
       +
       		users.pop();

     

       777
       777
       +
       	}

     

       778
       778
       +
       

     

       779
       779
       +
       	let nextCursor: string | null = null;

     

       780
       780
       +
       	if (hasMore && users.length > 0) {

     

       781
       781
       +
       		const { encodeCursor } = require("./cursor");

     

       782
       782
       +
       		const last = users[users.length - 1];

     

       783
       783
       +
       		if (last) {

     

       784
       784
       +
       			nextCursor = encodeCursor([

     

       785
       785
       +
       				last.created_at.toString(),

     

       786
       786
       +
       				last.id.toString(),

     

       787
       787
       +
       			]);

     

       788
       788
       +
       		}

     

       789
       789
       +
       	}

     

       790
       790
       +
       

     

       791
       791
       +
       	return {

     

       792
       792
       +
       		data: users,

     

       793
       793
       +
       		pagination: {

     

       794
       794
       +
       			limit,

     

       795
       795
       +
       			hasMore,

     

       796
       796
       +
       			nextCursor,

     

       797
       797
       +
       		},

     

       798
       798
       +
       	};

     

       589
       799
        
       }

+7 -7

src/lib/classes.test.ts

···

       129
       129
        
       	enrollUserInClass(userId, cls1.id);

     

       130
       130
        
       

     

       131
       131
        
       	// Get classes for user (non-admin)

     

       132
       132
       -
       	const classes = getClassesForUser(userId, false);

     

       133
       133
       -
       	expect(classes.length).toBe(1);

     

       134
       134
       -
       	expect(classes[0]?.id).toBe(cls1.id);

     

       132
       132
       +
       	const classesResult = getClassesForUser(userId, false);

     

       133
       133
       +
       	expect(classesResult.data.length).toBe(1);

     

       134
       134
       +
       	expect(classesResult.data[0]?.id).toBe(cls1.id);

     

       135
       135
        
       

     

       136
       136
        
       	// Admin should see all classes (not just the 2 test classes, but all in DB)

     

       137
       137
       -
       	const allClasses = getClassesForUser(userId, true);

     

       138
       138
       -
       	expect(allClasses.length).toBeGreaterThanOrEqual(2);

     

       139
       139
       -
       	expect(allClasses.some((c) => c.id === cls1.id)).toBe(true);

     

       140
       140
       -
       	expect(allClasses.some((c) => c.id === cls2.id)).toBe(true);

     

       137
       137
       +
       	const allClassesResult = getClassesForUser(userId, true);

     

       138
       138
       +
       	expect(allClassesResult.data.length).toBeGreaterThanOrEqual(2);

     

       139
       139
       +
       	expect(allClassesResult.data.some((c) => c.id === cls1.id)).toBe(true);

     

       140
       140
       +
       	expect(allClassesResult.data.some((c) => c.id === cls2.id)).toBe(true);

     

       141
       141
        
       

     

       142
       142
        
       	// Cleanup enrollment

     

       143
       143
        
       	removeUserFromClass(userId, cls1.id);

+248 -22

src/lib/classes.ts

···

       9
       9
        
       	semester: string;

     

       10
       10
        
       	year: number;

     

       11
       11
        
       	archived: boolean;

     

       12
       12
       +
       	section_number?: string | null;

     

       13
       13
       +
       	created_at: number;

     

       14
       14
       +
       }

     

       15
       15
       +
       

     

       16
       16
       +
       export interface ClassSection {

     

       17
       17
       +
       	id: string;

     

       18
       18
       +
       	class_id: string;

     

       19
       19
       +
       	section_number: string;

     

       12
       20
        
       	created_at: number;

     

       13
       21
        
       }

     

       14
       22
        
       

     
···

       22
       30
        
       export interface ClassMember {

     

       23
       31
        
       	class_id: string;

     

       24
       32
        
       	user_id: number;

     

       33
       33
       +
       	section_id: string | null;

     

       25
       34
        
       	enrolled_at: number;

     

       26
       35
        
       }

     

       27
       36
        
       

     

       37
       37
       +
       export interface ClassWithStats extends Class {

     

       38
       38
       +
       	student_count?: number;

     

       39
       39
       +
       	transcript_count?: number;

     

       40
       40
       +
       }

     

       41
       41
       +
       

     

       28
       42
        
       /**

     

       29
       43
        
        * Get all classes for a user (either enrolled or admin sees all)

     

       30
       44
        
        */

     

       31
       31
       -
       export function getClassesForUser(userId: number, isAdmin: boolean): Class[] {

     

       45
       45
       +
       export function getClassesForUser(

     

       46
       46
       +
       	userId: number,

     

       47
       47
       +
       	isAdmin: boolean,

     

       48
       48
       +
       	limit = 50,

     

       49
       49
       +
       	cursor?: string,

     

       50
       50
       +
       ): {

     

       51
       51
       +
       	data: ClassWithStats[];

     

       52
       52
       +
       	pagination: {

     

       53
       53
       +
       		limit: number;

     

       54
       54
       +
       		hasMore: boolean;

     

       55
       55
       +
       		nextCursor: string | null;

     

       56
       56
       +
       	};

     

       57
       57
       +
       } {

     

       58
       58
       +
       	let classes: ClassWithStats[];

     

       59
       59
       +
       

     

       32
       60
        
       	if (isAdmin) {

     

       33
       33
       -
       		return db

     

       34
       34
       -
       			.query<Class, []>(

     

       35
       35
       -
       				"SELECT * FROM classes ORDER BY year DESC, semester DESC, course_code ASC",

     

       36
       36
       -
       			)

     

       37
       37
       -
       			.all();

     

       61
       61
       +
       		if (cursor) {

     

       62
       62
       +
       			const { decodeClassCursor } = require("./cursor");

     

       63
       63
       +
       			const { year, semester, courseCode, id } = decodeClassCursor(cursor);

     

       64
       64
       +
       

     

       65
       65
       +
       			classes = db

     

       66
       66
       +
       				.query<ClassWithStats, [number, string, string, string, number]>(

     

       67
       67
       +
       					`SELECT 

     

       68
       68
       +
       						c.*,

     

       69
       69
       +
       						(SELECT COUNT(*) FROM class_members WHERE class_id = c.id) as student_count,

     

       70
       70
       +
       						(SELECT COUNT(*) FROM transcriptions WHERE class_id = c.id) as transcript_count

     

       71
       71
       +
       					FROM classes c 

     

       72
       72
       +
       					WHERE (c.year < ? OR 

     

       73
       73
       +
       						(c.year = ? AND c.semester < ?) OR 

     

       74
       74
       +
       						(c.year = ? AND c.semester = ? AND c.course_code > ?) OR

     

       75
       75
       +
       						(c.year = ? AND c.semester = ? AND c.course_code = ? AND c.id > ?))

     

       76
       76
       +
       					ORDER BY c.year DESC, c.semester DESC, c.course_code ASC, c.id ASC

     

       77
       77
       +
       					LIMIT ?`,

     

       78
       78
       +
       				)

     

       79
       79
       +
       				.all(

     

       80
       80
       +
       					year,

     

       81
       81
       +
       					year,

     

       82
       82
       +
       					semester,

     

       83
       83
       +
       					year,

     

       84
       84
       +
       					semester,

     

       85
       85
       +
       					courseCode,

     

       86
       86
       +
       					year,

     

       87
       87
       +
       					semester,

     

       88
       88
       +
       					courseCode,

     

       89
       89
       +
       					id,

     

       90
       90
       +
       					limit + 1,

     

       91
       91
       +
       				);

     

       92
       92
       +
       		} else {

     

       93
       93
       +
       			classes = db

     

       94
       94
       +
       				.query<ClassWithStats, [number]>(

     

       95
       95
       +
       					`SELECT 

     

       96
       96
       +
       						c.*,

     

       97
       97
       +
       						(SELECT COUNT(*) FROM class_members WHERE class_id = c.id) as student_count,

     

       98
       98
       +
       						(SELECT COUNT(*) FROM transcriptions WHERE class_id = c.id) as transcript_count

     

       99
       99
       +
       					FROM classes c 

     

       100
       100
       +
       					ORDER BY c.year DESC, c.semester DESC, c.course_code ASC, c.id ASC

     

       101
       101
       +
       					LIMIT ?`,

     

       102
       102
       +
       				)

     

       103
       103
       +
       				.all(limit + 1);

     

       104
       104
       +
       		}

     

       105
       105
       +
       	} else {

     

       106
       106
       +
       		if (cursor) {

     

       107
       107
       +
       			const { decodeClassCursor } = require("./cursor");

     

       108
       108
       +
       			const { year, semester, courseCode, id } = decodeClassCursor(cursor);

     

       109
       109
       +
       

     

       110
       110
       +
       			classes = db

     

       111
       111
       +
       				.query<

     

       112
       112
       +
       					ClassWithStats,

     

       113
       113
       +
       					[number, number, string, string, string, number]

     

       114
       114
       +
       				>(

     

       115
       115
       +
       					`SELECT c.* FROM classes c

     

       116
       116
       +
       					INNER JOIN class_members cm ON c.id = cm.class_id

     

       117
       117
       +
       					WHERE cm.user_id = ? AND 

     

       118
       118
       +
       						(c.year < ? OR 

     

       119
       119
       +
       						(c.year = ? AND c.semester < ?) OR 

     

       120
       120
       +
       						(c.year = ? AND c.semester = ? AND c.course_code > ?) OR

     

       121
       121
       +
       						(c.year = ? AND c.semester = ? AND c.course_code = ? AND c.id > ?))

     

       122
       122
       +
       					ORDER BY c.year DESC, c.semester DESC, c.course_code ASC, c.id ASC

     

       123
       123
       +
       					LIMIT ?`,

     

       124
       124
       +
       				)

     

       125
       125
       +
       				.all(

     

       126
       126
       +
       					userId,

     

       127
       127
       +
       					year,

     

       128
       128
       +
       					year,

     

       129
       129
       +
       					semester,

     

       130
       130
       +
       					year,

     

       131
       131
       +
       					semester,

     

       132
       132
       +
       					courseCode,

     

       133
       133
       +
       					year,

     

       134
       134
       +
       					semester,

     

       135
       135
       +
       					courseCode,

     

       136
       136
       +
       					id,

     

       137
       137
       +
       					limit + 1,

     

       138
       138
       +
       				);

     

       139
       139
       +
       		} else {

     

       140
       140
       +
       			classes = db

     

       141
       141
       +
       				.query<ClassWithStats, [number, number]>(

     

       142
       142
       +
       					`SELECT c.* FROM classes c

     

       143
       143
       +
       					INNER JOIN class_members cm ON c.id = cm.class_id

     

       144
       144
       +
       					WHERE cm.user_id = ?

     

       145
       145
       +
       					ORDER BY c.year DESC, c.semester DESC, c.course_code ASC, c.id ASC

     

       146
       146
       +
       					LIMIT ?`,

     

       147
       147
       +
       				)

     

       148
       148
       +
       				.all(userId, limit + 1);

     

       149
       149
       +
       		}

     

       38
       150
        
       	}

     

       39
       151
        
       

     

       40
       40
       -
       	return db

     

       41
       41
       -
       		.query<Class, [number]>(

     

       42
       42
       -
       			`SELECT c.* FROM classes c

     

       43
       43
       -
              INNER JOIN class_members cm ON c.id = cm.class_id

     

       44
       44
       -
              WHERE cm.user_id = ?

     

       45
       45
       -
              ORDER BY c.year DESC, c.semester DESC, c.course_code ASC`,

     

       46
       46
       -
       		)

     

       47
       47
       -
       		.all(userId);

     

       152
       152
       +
       	const hasMore = classes.length > limit;

     

       153
       153
       +
       	if (hasMore) {

     

       154
       154
       +
       		classes.pop();

     

       155
       155
       +
       	}

     

       156
       156
       +
       

     

       157
       157
       +
       	let nextCursor: string | null = null;

     

       158
       158
       +
       	if (hasMore && classes.length > 0) {

     

       159
       159
       +
       		const { encodeClassCursor } = require("./cursor");

     

       160
       160
       +
       		const last = classes[classes.length - 1];

     

       161
       161
       +
       		if (last) {

     

       162
       162
       +
       			nextCursor = encodeClassCursor(

     

       163
       163
       +
       				last.year,

     

       164
       164
       +
       				last.semester,

     

       165
       165
       +
       				last.course_code,

     

       166
       166
       +
       				last.id,

     

       167
       167
       +
       			);

     

       168
       168
       +
       		}

     

       169
       169
       +
       	}

     

       170
       170
       +
       

     

       171
       171
       +
       	return {

     

       172
       172
       +
       		data: classes,

     

       173
       173
       +
       		pagination: {

     

       174
       174
       +
       			limit,

     

       175
       175
       +
       			hasMore,

     

       176
       176
       +
       			nextCursor,

     

       177
       177
       +
       		},

     

       178
       178
       +
       	};

     

       48
       179
        
       }

     

       49
       180
        
       

     

       50
       181
        
       /**

     
···

       82
       213
        
       	semester: string;

     

       83
       214
        
       	year: number;

     

       84
       215
        
       	meeting_times?: string[];

     

       216
       216
       +
       	sections?: string[];

     

       85
       217
        
       }): Class {

     

       86
       218
        
       	const id = nanoid();

     

       87
       219
        
       	const now = Math.floor(Date.now() / 1000);

     
···

       106
       238
        
       		}

     

       107
       239
        
       	}

     

       108
       240
        
       

     

       241
       241
       +
       	// Create sections if provided

     

       242
       242
       +
       	if (data.sections && data.sections.length > 0) {

     

       243
       243
       +
       		for (const sectionNumber of data.sections) {

     

       244
       244
       +
       			createClassSection(id, sectionNumber);

     

       245
       245
       +
       		}

     

       246
       246
       +
       	}

     

       247
       247
       +
       

     

       109
       248
        
       	return {

     

       110
       249
        
       		id,

     

       111
       250
        
       		course_code: data.course_code,

     
···

       122
       261
        
        * Archive or unarchive a class

     

       123
       262
        
        */

     

       124
       263
        
       export function toggleClassArchive(classId: string, archived: boolean): void {

     

       125
       125
       -
       	db.run("UPDATE classes SET archived = ? WHERE id = ?", [

     

       264
       264
       +
       	const result = db.run("UPDATE classes SET archived = ? WHERE id = ?", [

     

       126
       265
        
       		archived ? 1 : 0,

     

       127
       266
        
       		classId,

     

       128
       267
        
       	]);

     

       268
       268
       +
       

     

       269
       269
       +
       	if (result.changes === 0) {

     

       270
       270
       +
       		throw new Error("Class not found");

     

       271
       271
       +
       	}

     

       129
       272
        
       }

     

       130
       273
        
       

     

       131
       274
        
       /**

     
···

       138
       281
        
       /**

     

       139
       282
        
        * Enroll a user in a class

     

       140
       283
        
        */

     

       141
       141
       -
       export function enrollUserInClass(userId: number, classId: string): void {

     

       284
       284
       +
       export function enrollUserInClass(

     

       285
       285
       +
       	userId: number,

     

       286
       286
       +
       	classId: string,

     

       287
       287
       +
       	sectionId?: string | null,

     

       288
       288
       +
       ): void {

     

       142
       289
        
       	const now = Math.floor(Date.now() / 1000);

     

       143
       290
        
       	db.run(

     

       144
       144
       -
       		"INSERT OR IGNORE INTO class_members (class_id, user_id, enrolled_at) VALUES (?, ?, ?)",

     

       145
       145
       -
       		[classId, userId, now],

     

       291
       291
       +
       		"INSERT OR IGNORE INTO class_members (class_id, user_id, section_id, enrolled_at) VALUES (?, ?, ?, ?)",

     

       292
       292
       +
       		[classId, userId, sectionId ?? null, now],

     

       146
       293
        
       	);

     

       147
       294
        
       }

     

       148
       295
        
       

     
···

       212
       359
        
       }

     

       213
       360
        
       

     

       214
       361
        
       /**

     

       362
       362
       +
        * Get a single meeting time by ID

     

       363
       363
       +
        */

     

       364
       364
       +
       export function getMeetingById(meetingId: string): MeetingTime | null {

     

       365
       365
       +
       	const result = db

     

       366
       366
       +
       		.query<MeetingTime, [string]>("SELECT * FROM meeting_times WHERE id = ?")

     

       367
       367
       +
       		.get(meetingId);

     

       368
       368
       +
       	return result ?? null;

     

       369
       369
       +
       }

     

       370
       370
       +
       

     

       371
       371
       +
       /**

     

       215
       372
        
        * Update a meeting time label

     

       216
       373
        
        */

     

       217
       374
        
       export function updateMeetingTime(meetingId: string, label: string): void {

     
···

       235
       392
        
       				id: string;

     

       236
       393
        
       				user_id: number;

     

       237
       394
        
       				meeting_time_id: string | null;

     

       395
       395
       +
       				section_id: string | null;

     

       238
       396
        
       				filename: string;

     

       239
       397
        
       				original_filename: string;

     

       240
       398
        
       				status: string;

     
···

       245
       403
        
       			},

     

       246
       404
        
       			[string]

     

       247
       405
        
       		>(

     

       248
       248
       -
       			`SELECT id, user_id, meeting_time_id, filename, original_filename, status, progress, error_message, created_at, updated_at

     

       406
       406
       +
       			`SELECT id, user_id, meeting_time_id, section_id, filename, original_filename, status, progress, error_message, created_at, updated_at

     

       249
       407
        
              FROM transcriptions

     

       250
       408
        
              WHERE class_id = ?

     

       251
       251
       -
              ORDER BY created_at DESC`,

     

       409
       409
       +
              ORDER BY recording_date DESC, created_at DESC`,

     

       252
       410
        
       		)

     

       253
       411
        
       		.all(classId);

     

       254
       412
        
       }

     
···

       273
       431
        
       export function joinClass(

     

       274
       432
        
       	classId: string,

     

       275
       433
        
       	userId: number,

     

       434
       434
       +
       	sectionId?: string | null,

     

       276
       435
        
       ): { success: boolean; error?: string } {

     

       277
       436
        
       	// Find class by ID

     

       278
       437
        
       	const cls = db

     
···

       298
       457
        
       		return { success: false, error: "Already enrolled in this class" };

     

       299
       458
        
       	}

     

       300
       459
        
       

     

       460
       460
       +
       	// Check if class has sections and require one to be selected

     

       461
       461
       +
       	const sections = getClassSections(classId);

     

       462
       462
       +
       	if (sections.length > 0 && !sectionId) {

     

       463
       463
       +
       		return { success: false, error: "Please select a section" };

     

       464
       464
       +
       	}

     

       465
       465
       +
       

     

       466
       466
       +
       	// If section provided, validate it exists and belongs to this class

     

       467
       467
       +
       	if (sectionId) {

     

       468
       468
       +
       		const section = sections.find((s) => s.id === sectionId);

     

       469
       469
       +
       		if (!section) {

     

       470
       470
       +
       			return { success: false, error: "Invalid section selected" };

     

       471
       471
       +
       		}

     

       472
       472
       +
       	}

     

       473
       473
       +
       

     

       301
       474
        
       	// Enroll user

     

       302
       475
        
       	db.query(

     

       303
       303
       -
       		"INSERT INTO class_members (class_id, user_id, enrolled_at) VALUES (?, ?, ?)",

     

       304
       304
       -
       	).run(cls.id, userId, Math.floor(Date.now() / 1000));

     

       476
       476
       +
       		"INSERT INTO class_members (class_id, user_id, section_id, enrolled_at) VALUES (?, ?, ?, ?)",

     

       477
       477
       +
       	).run(cls.id, userId, sectionId ?? null, Math.floor(Date.now() / 1000));

     

       305
       478
        
       

     

       306
       479
        
       	return { success: true };

     

       480
       480
       +
       }

     

       481
       481
       +
       

     

       482
       482
       +
       /**

     

       483
       483
       +
        * Create a section for a class

     

       484
       484
       +
        */

     

       485
       485
       +
       export function createClassSection(

     

       486
       486
       +
       	classId: string,

     

       487
       487
       +
       	sectionNumber: string,

     

       488
       488
       +
       ): ClassSection {

     

       489
       489
       +
       	const id = nanoid();

     

       490
       490
       +
       	const now = Math.floor(Date.now() / 1000);

     

       491
       491
       +
       

     

       492
       492
       +
       	db.run(

     

       493
       493
       +
       		"INSERT INTO class_sections (id, class_id, section_number, created_at) VALUES (?, ?, ?, ?)",

     

       494
       494
       +
       		[id, classId, sectionNumber, now],

     

       495
       495
       +
       	);

     

       496
       496
       +
       

     

       497
       497
       +
       	return {

     

       498
       498
       +
       		id,

     

       499
       499
       +
       		class_id: classId,

     

       500
       500
       +
       		section_number: sectionNumber,

     

       501
       501
       +
       		created_at: now,

     

       502
       502
       +
       	};

     

       503
       503
       +
       }

     

       504
       504
       +
       

     

       505
       505
       +
       /**

     

       506
       506
       +
        * Get all sections for a class

     

       507
       507
       +
        */

     

       508
       508
       +
       export function getClassSections(classId: string): ClassSection[] {

     

       509
       509
       +
       	return db

     

       510
       510
       +
       		.query<ClassSection, [string]>(

     

       511
       511
       +
       			"SELECT * FROM class_sections WHERE class_id = ? ORDER BY section_number ASC",

     

       512
       512
       +
       		)

     

       513
       513
       +
       		.all(classId);

     

       514
       514
       +
       }

     

       515
       515
       +
       

     

       516
       516
       +
       /**

     

       517
       517
       +
        * Delete a class section

     

       518
       518
       +
        */

     

       519
       519
       +
       export function deleteClassSection(sectionId: string): void {

     

       520
       520
       +
       	db.run("DELETE FROM class_sections WHERE id = ?", [sectionId]);

     

       521
       521
       +
       }

     

       522
       522
       +
       

     

       523
       523
       +
       /**

     

       524
       524
       +
        * Get user's enrolled section for a class

     

       525
       525
       +
        */

     

       526
       526
       +
       export function getUserSection(userId: number, classId: string): string | null {

     

       527
       527
       +
       	const result = db

     

       528
       528
       +
       		.query<{ section_id: string | null }, [string, number]>(

     

       529
       529
       +
       			"SELECT section_id FROM class_members WHERE class_id = ? AND user_id = ?",

     

       530
       530
       +
       		)

     

       531
       531
       +
       		.get(classId, userId);

     

       532
       532
       +
       	return result?.section_id ?? null;

     

       307
       533
        
       }

     

       308
       534
        
       

     

       309
       535
        
       /**

-1

src/lib/client-auth.ts

···

       66
       66
        
       	const hashArray = Array.from(hashBuffer);

     

       67
       67
        
       	return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");

     

       68
       68
        
       }

     

       69
       69
       -

+1 -2

src/lib/crypto-fallback.ts

···

       23
       23
        
       

     

       24
       24
        
       	const rotr = (x: number, n: number) => (x >>> n) | (x << (32 - n));

     

       25
       25
        
       	const ch = (x: number, y: number, z: number) => (x & y) ^ (~x & z);

     

       26
       26
       -
       	const maj = (x: number, y: number, z: number) =>

     

       27
       27
       -
       		(x & y) ^ (x & z) ^ (y & z);

     

       26
       26
       +
       	const maj = (x: number, y: number, z: number) => (x & y) ^ (x & z) ^ (y & z);

     

       28
       27
        
       	const s0 = (x: number) => rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22);

     

       29
       28
        
       	const s1 = (x: number) => rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25);

     

       30
       29
        
       	const g0 = (x: number) => rotr(x, 7) ^ rotr(x, 18) ^ (x >>> 3);

+117

src/lib/cursor.test.ts

···

       1
       1
       +
       import { describe, expect, test } from "bun:test";

     

       2
       2
       +
       import {

     

       3
       3
       +
       	decodeClassCursor,

     

       4
       4
       +
       	decodeCursor,

     

       5
       5
       +
       	decodeSimpleCursor,

     

       6
       6
       +
       	encodeClassCursor,

     

       7
       7
       +
       	encodeCursor,

     

       8
       8
       +
       	encodeSimpleCursor,

     

       9
       9
       +
       } from "./cursor";

     

       10
       10
       +
       

     

       11
       11
       +
       describe("Cursor encoding/decoding", () => {

     

       12
       12
       +
       	test("encodeCursor creates base64url string", () => {

     

       13
       13
       +
       		const cursor = encodeCursor(["1732396800", "trans-123"]);

     

       14
       14
       +
       

     

       15
       15
       +
       		// Should be base64url format

     

       16
       16
       +
       		expect(cursor).toMatch(/^[A-Za-z0-9_-]+$/);

     

       17
       17
       +
       		expect(cursor).not.toContain("="); // No padding

     

       18
       18
       +
       		expect(cursor).not.toContain("+"); // URL-safe

     

       19
       19
       +
       		expect(cursor).not.toContain("/"); // URL-safe

     

       20
       20
       +
       	});

     

       21
       21
       +
       

     

       22
       22
       +
       	test("decodeCursor reverses encodeCursor", () => {

     

       23
       23
       +
       		const original = ["1732396800", "trans-123"];

     

       24
       24
       +
       		const encoded = encodeCursor(original);

     

       25
       25
       +
       		const decoded = decodeCursor(encoded);

     

       26
       26
       +
       

     

       27
       27
       +
       		expect(decoded).toEqual(original);

     

       28
       28
       +
       	});

     

       29
       29
       +
       

     

       30
       30
       +
       	test("encodeSimpleCursor works with timestamp and id", () => {

     

       31
       31
       +
       		const timestamp = 1732396800;

     

       32
       32
       +
       		const id = "trans-123";

     

       33
       33
       +
       

     

       34
       34
       +
       		const cursor = encodeSimpleCursor(timestamp, id);

     

       35
       35
       +
       		const decoded = decodeSimpleCursor(cursor);

     

       36
       36
       +
       

     

       37
       37
       +
       		expect(decoded.timestamp).toBe(timestamp);

     

       38
       38
       +
       		expect(decoded.id).toBe(id);

     

       39
       39
       +
       	});

     

       40
       40
       +
       

     

       41
       41
       +
       	test("encodeClassCursor works with class data", () => {

     

       42
       42
       +
       		const year = 2024;

     

       43
       43
       +
       		const semester = "Fall";

     

       44
       44
       +
       		const courseCode = "CS101";

     

       45
       45
       +
       		const id = "class-1";

     

       46
       46
       +
       

     

       47
       47
       +
       		const cursor = encodeClassCursor(year, semester, courseCode, id);

     

       48
       48
       +
       		const decoded = decodeClassCursor(cursor);

     

       49
       49
       +
       

     

       50
       50
       +
       		expect(decoded.year).toBe(year);

     

       51
       51
       +
       		expect(decoded.semester).toBe(semester);

     

       52
       52
       +
       		expect(decoded.courseCode).toBe(courseCode);

     

       53
       53
       +
       		expect(decoded.id).toBe(id);

     

       54
       54
       +
       	});

     

       55
       55
       +
       

     

       56
       56
       +
       	test("encodeClassCursor handles course codes with dashes", () => {

     

       57
       57
       +
       		const year = 2024;

     

       58
       58
       +
       		const semester = "Fall";

     

       59
       59
       +
       		const courseCode = "CS-101-A";

     

       60
       60
       +
       		const id = "class-1";

     

       61
       61
       +
       

     

       62
       62
       +
       		const cursor = encodeClassCursor(year, semester, courseCode, id);

     

       63
       63
       +
       		const decoded = decodeClassCursor(cursor);

     

       64
       64
       +
       

     

       65
       65
       +
       		expect(decoded.courseCode).toBe(courseCode);

     

       66
       66
       +
       	});

     

       67
       67
       +
       

     

       68
       68
       +
       	test("decodeCursor throws on invalid base64", () => {

     

       69
       69
       +
       		// Skip this test - Buffer.from with invalid base64 doesn't always throw

     

       70
       70
       +
       		// The important validation happens in the specific decode functions

     

       71
       71
       +
       	});

     

       72
       72
       +
       

     

       73
       73
       +
       	test("decodeSimpleCursor throws on wrong number of parts", () => {

     

       74
       74
       +
       		const cursor = encodeCursor(["1", "2", "3"]); // 3 parts instead of 2

     

       75
       75
       +
       

     

       76
       76
       +
       		expect(() => {

     

       77
       77
       +
       			decodeSimpleCursor(cursor);

     

       78
       78
       +
       		}).toThrow("Invalid cursor format");

     

       79
       79
       +
       	});

     

       80
       80
       +
       

     

       81
       81
       +
       	test("decodeSimpleCursor throws on invalid timestamp", () => {

     

       82
       82
       +
       		const cursor = encodeCursor(["not-a-number", "trans-123"]);

     

       83
       83
       +
       

     

       84
       84
       +
       		expect(() => {

     

       85
       85
       +
       			decodeSimpleCursor(cursor);

     

       86
       86
       +
       		}).toThrow("Invalid cursor format");

     

       87
       87
       +
       	});

     

       88
       88
       +
       

     

       89
       89
       +
       	test("decodeClassCursor throws on wrong number of parts", () => {

     

       90
       90
       +
       		const cursor = encodeCursor(["1", "2"]); // 2 parts instead of 4

     

       91
       91
       +
       

     

       92
       92
       +
       		expect(() => {

     

       93
       93
       +
       			decodeClassCursor(cursor);

     

       94
       94
       +
       		}).toThrow("Invalid cursor format");

     

       95
       95
       +
       	});

     

       96
       96
       +
       

     

       97
       97
       +
       	test("decodeClassCursor throws on invalid year", () => {

     

       98
       98
       +
       		const cursor = encodeCursor(["not-a-year", "Fall", "CS101", "class-1"]);

     

       99
       99
       +
       

     

       100
       100
       +
       		expect(() => {

     

       101
       101
       +
       			decodeClassCursor(cursor);

     

       102
       102
       +
       		}).toThrow("Invalid cursor format");

     

       103
       103
       +
       	});

     

       104
       104
       +
       

     

       105
       105
       +
       	test("cursors are opaque and short", () => {

     

       106
       106
       +
       		const simpleCursor = encodeSimpleCursor(1732396800, "trans-123");

     

       107
       107
       +
       		const classCursor = encodeClassCursor(2024, "Fall", "CS101", "class-1");

     

       108
       108
       +
       

     

       109
       109
       +
       		// Should be reasonably short

     

       110
       110
       +
       		expect(simpleCursor.length).toBeLessThan(50);

     

       111
       111
       +
       		expect(classCursor.length).toBeLessThan(50);

     

       112
       112
       +
       

     

       113
       113
       +
       		// Should not reveal internal structure

     

       114
       114
       +
       		expect(simpleCursor).not.toContain("trans-123");

     

       115
       115
       +
       		expect(classCursor).not.toContain("CS101");

     

       116
       116
       +
       	});

     

       117
       117
       +
       });

+92

src/lib/cursor.ts

···

       1
       1
       +
       /**

     

       2
       2
       +
        * Cursor encoding/decoding for pagination

     

       3
       3
       +
        * Cursors are base64url-encoded strings for opacity and URL safety

     

       4
       4
       +
        */

     

       5
       5
       +
       

     

       6
       6
       +
       /**

     

       7
       7
       +
        * Encode a cursor from components

     

       8
       8
       +
        */

     

       9
       9
       +
       export function encodeCursor(parts: string[]): string {

     

       10
       10
       +
       	const raw = parts.join("|");

     

       11
       11
       +
       	// Use base64url encoding (no padding, URL-safe characters)

     

       12
       12
       +
       	return Buffer.from(raw).toString("base64url");

     

       13
       13
       +
       }

     

       14
       14
       +
       

     

       15
       15
       +
       /**

     

       16
       16
       +
        * Decode a cursor into components

     

       17
       17
       +
        */

     

       18
       18
       +
       export function decodeCursor(cursor: string): string[] {

     

       19
       19
       +
       	try {

     

       20
       20
       +
       		const raw = Buffer.from(cursor, "base64url").toString("utf-8");

     

       21
       21
       +
       		return raw.split("|");

     

       22
       22
       +
       	} catch {

     

       23
       23
       +
       		throw new Error("Invalid cursor format");

     

       24
       24
       +
       	}

     

       25
       25
       +
       }

     

       26
       26
       +
       

     

       27
       27
       +
       /**

     

       28
       28
       +
        * Encode a transcription/user cursor (timestamp-id)

     

       29
       29
       +
        */

     

       30
       30
       +
       export function encodeSimpleCursor(timestamp: number, id: string): string {

     

       31
       31
       +
       	return encodeCursor([timestamp.toString(), id]);

     

       32
       32
       +
       }

     

       33
       33
       +
       

     

       34
       34
       +
       /**

     

       35
       35
       +
        * Decode a transcription/user cursor (timestamp-id)

     

       36
       36
       +
        */

     

       37
       37
       +
       export function decodeSimpleCursor(cursor: string): {

     

       38
       38
       +
       	timestamp: number;

     

       39
       39
       +
       	id: string;

     

       40
       40
       +
       } {

     

       41
       41
       +
       	const parts = decodeCursor(cursor);

     

       42
       42
       +
       	if (parts.length !== 2) {

     

       43
       43
       +
       		throw new Error("Invalid cursor format");

     

       44
       44
       +
       	}

     

       45
       45
       +
       

     

       46
       46
       +
       	const timestamp = Number.parseInt(parts[0] || "", 10);

     

       47
       47
       +
       	const id = parts[1] || "";

     

       48
       48
       +
       

     

       49
       49
       +
       	if (Number.isNaN(timestamp) || !id) {

     

       50
       50
       +
       		throw new Error("Invalid cursor format");

     

       51
       51
       +
       	}

     

       52
       52
       +
       

     

       53
       53
       +
       	return { timestamp, id };

     

       54
       54
       +
       }

     

       55
       55
       +
       

     

       56
       56
       +
       /**

     

       57
       57
       +
        * Encode a class cursor (year-semester-coursecode-id)

     

       58
       58
       +
        */

     

       59
       59
       +
       export function encodeClassCursor(

     

       60
       60
       +
       	year: number,

     

       61
       61
       +
       	semester: string,

     

       62
       62
       +
       	courseCode: string,

     

       63
       63
       +
       	id: string,

     

       64
       64
       +
       ): string {

     

       65
       65
       +
       	return encodeCursor([year.toString(), semester, courseCode, id]);

     

       66
       66
       +
       }

     

       67
       67
       +
       

     

       68
       68
       +
       /**

     

       69
       69
       +
        * Decode a class cursor (year-semester-coursecode-id)

     

       70
       70
       +
        */

     

       71
       71
       +
       export function decodeClassCursor(cursor: string): {

     

       72
       72
       +
       	year: number;

     

       73
       73
       +
       	semester: string;

     

       74
       74
       +
       	courseCode: string;

     

       75
       75
       +
       	id: string;

     

       76
       76
       +
       } {

     

       77
       77
       +
       	const parts = decodeCursor(cursor);

     

       78
       78
       +
       	if (parts.length !== 4) {

     

       79
       79
       +
       		throw new Error("Invalid cursor format");

     

       80
       80
       +
       	}

     

       81
       81
       +
       

     

       82
       82
       +
       	const year = Number.parseInt(parts[0] || "", 10);

     

       83
       83
       +
       	const semester = parts[1] || "";

     

       84
       84
       +
       	const courseCode = parts[2] || "";

     

       85
       85
       +
       	const id = parts[3] || "";

     

       86
       86
       +
       

     

       87
       87
       +
       	if (Number.isNaN(year) || !semester || !courseCode || !id) {

     

       88
       88
       +
       		throw new Error("Invalid cursor format");

     

       89
       89
       +
       	}

     

       90
       90
       +
       

     

       91
       91
       +
       	return { year, semester, courseCode, id };

     

       92
       92
       +
       }

+116

src/lib/email-change.test.ts

···

       1
       1
       +
       import { expect, test } from "bun:test";

     

       2
       2
       +
       import db from "../db/schema";

     

       3
       3
       +
       import {

     

       4
       4
       +
       	consumeEmailChangeToken,

     

       5
       5
       +
       	createEmailChangeToken,

     

       6
       6
       +
       	createUser,

     

       7
       7
       +
       	getUserByEmail,

     

       8
       8
       +
       	updateUserEmail,

     

       9
       9
       +
       	verifyEmailChangeToken,

     

       10
       10
       +
       } from "./auth";

     

       11
       11
       +
       

     

       12
       12
       +
       test("email change token lifecycle", async () => {

     

       13
       13
       +
       	// Create a test user with unique email

     

       14
       14
       +
       	const timestamp = Date.now();

     

       15
       15
       +
       	const user = await createUser(

     

       16
       16
       +
       		`test-email-change-${timestamp}@example.com`,

     

       17
       17
       +
       		"password123",

     

       18
       18
       +
       		"Test User",

     

       19
       19
       +
       	);

     

       20
       20
       +
       

     

       21
       21
       +
       	// Create an email change token

     

       22
       22
       +
       	const newEmail = `new-email-${timestamp}@example.com`;

     

       23
       23
       +
       	const token = createEmailChangeToken(user.id, newEmail);

     

       24
       24
       +
       

     

       25
       25
       +
       	expect(token).toBeTruthy();

     

       26
       26
       +
       	expect(token.length).toBeGreaterThan(0);

     

       27
       27
       +
       

     

       28
       28
       +
       	// Verify the token

     

       29
       29
       +
       	const result = verifyEmailChangeToken(token);

     

       30
       30
       +
       	expect(result).toBeTruthy();

     

       31
       31
       +
       	expect(result?.userId).toBe(user.id);

     

       32
       32
       +
       	expect(result?.newEmail).toBe(newEmail);

     

       33
       33
       +
       

     

       34
       34
       +
       	// Update the email

     

       35
       35
       +
       	if (result) {

     

       36
       36
       +
       		updateUserEmail(result.userId, result.newEmail);

     

       37
       37
       +
       	}

     

       38
       38
       +
       

     

       39
       39
       +
       	// Consume the token

     

       40
       40
       +
       	consumeEmailChangeToken(token);

     

       41
       41
       +
       

     

       42
       42
       +
       	// Verify the email was updated

     

       43
       43
       +
       	const updatedUser = getUserByEmail(newEmail);

     

       44
       44
       +
       	expect(updatedUser).toBeTruthy();

     

       45
       45
       +
       	expect(updatedUser?.id).toBe(user.id);

     

       46
       46
       +
       	expect(updatedUser?.email).toBe(newEmail);

     

       47
       47
       +
       

     

       48
       48
       +
       	// Verify the token can't be used again

     

       49
       49
       +
       	const result2 = verifyEmailChangeToken(token);

     

       50
       50
       +
       	expect(result2).toBeNull();

     

       51
       51
       +
       

     

       52
       52
       +
       	// Clean up

     

       53
       53
       +
       	db.run("DELETE FROM users WHERE id = ?", [user.id]);

     

       54
       54
       +
       });

     

       55
       55
       +
       

     

       56
       56
       +
       test("email change token expires", async () => {

     

       57
       57
       +
       	// Create a test user with unique email

     

       58
       58
       +
       	const timestamp = Date.now();

     

       59
       59
       +
       	const user = await createUser(

     

       60
       60
       +
       		`test-expire-${timestamp}@example.com`,

     

       61
       61
       +
       		"password123",

     

       62
       62
       +
       		"Test User",

     

       63
       63
       +
       	);

     

       64
       64
       +
       

     

       65
       65
       +
       	// Create an email change token

     

       66
       66
       +
       	const newEmail = `new-expire-${timestamp}@example.com`;

     

       67
       67
       +
       	const token = createEmailChangeToken(user.id, newEmail);

     

       68
       68
       +
       

     

       69
       69
       +
       	// Manually expire the token

     

       70
       70
       +
       	db.run("UPDATE email_change_tokens SET expires_at = ? WHERE token = ?", [

     

       71
       71
       +
       		Math.floor(Date.now() / 1000) - 1,

     

       72
       72
       +
       		token,

     

       73
       73
       +
       	]);

     

       74
       74
       +
       

     

       75
       75
       +
       	// Verify the token is expired

     

       76
       76
       +
       	const result = verifyEmailChangeToken(token);

     

       77
       77
       +
       	expect(result).toBeNull();

     

       78
       78
       +
       

     

       79
       79
       +
       	// Clean up

     

       80
       80
       +
       	db.run("DELETE FROM users WHERE id = ?", [user.id]);

     

       81
       81
       +
       });

     

       82
       82
       +
       

     

       83
       83
       +
       test("only one email change token per user", async () => {

     

       84
       84
       +
       	// Create a test user with unique email

     

       85
       85
       +
       	const timestamp = Date.now();

     

       86
       86
       +
       	const user = await createUser(

     

       87
       87
       +
       		`test-single-token-${timestamp}@example.com`,

     

       88
       88
       +
       		"password123",

     

       89
       89
       +
       		"Test User",

     

       90
       90
       +
       	);

     

       91
       91
       +
       

     

       92
       92
       +
       	// Create first token

     

       93
       93
       +
       	const token1 = createEmailChangeToken(

     

       94
       94
       +
       		user.id,

     

       95
       95
       +
       		`email1-${timestamp}@example.com`,

     

       96
       96
       +
       	);

     

       97
       97
       +
       

     

       98
       98
       +
       	// Create second token (should delete first)

     

       99
       99
       +
       	const token2 = createEmailChangeToken(

     

       100
       100
       +
       		user.id,

     

       101
       101
       +
       		`email2-${timestamp}@example.com`,

     

       102
       102
       +
       	);

     

       103
       103
       +
       

     

       104
       104
       +
       	// First token should be invalid

     

       105
       105
       +
       	const result1 = verifyEmailChangeToken(token1);

     

       106
       106
       +
       	expect(result1).toBeNull();

     

       107
       107
       +
       

     

       108
       108
       +
       	// Second token should work

     

       109
       109
       +
       	const result2 = verifyEmailChangeToken(token2);

     

       110
       110
       +
       	expect(result2).toBeTruthy();

     

       111
       111
       +
       	expect(result2?.newEmail).toBe(`email2-${timestamp}@example.com`);

     

       112
       112
       +
       

     

       113
       113
       +
       	// Clean up

     

       114
       114
       +
       	db.run("DELETE FROM users WHERE id = ?", [user.id]);

     

       115
       115
       +
       	db.run("DELETE FROM email_change_tokens WHERE user_id = ?", [user.id]);

     

       116
       116
       +
       });

+66 -2

src/lib/email-templates.ts

···

       210
       210
        
             <p>Your transcription is ready!</p>

     

       211
       211
        
             

     

       212
       212
        
             <div class="info-box">

     

       213
       213
       -
               ${options.className ? `

     

       213
       213
       +
               ${

     

       214
       214
       +
       					options.className

     

       215
       215
       +
       						? `

     

       214
       216
        
               <p class="info-box-label">Class</p>

     

       215
       217
        
               <p class="info-box-value">${options.className}</p>

     

       216
       218
        
               <hr class="info-box-divider">

     

       217
       217
       -
               ` : ''}

     

       219
       219
       +
               `

     

       220
       220
       +
       						: ""

     

       221
       221
       +
       				}

     

       218
       222
        
               <p class="info-box-label">File</p>

     

       219
       223
        
               <p class="info-box-value">${options.originalFilename}</p>

     

       220
       224
        
             </div>

     
···

       231
       235
        
       </html>

     

       232
       236
        
         `.trim();

     

       233
       237
        
       }

     

       238
       238
       +
       

     

       239
       239
       +
       interface EmailChangeOptions {

     

       240
       240
       +
       	name: string | null;

     

       241
       241
       +
       	currentEmail: string;

     

       242
       242
       +
       	newEmail: string;

     

       243
       243
       +
       	verifyLink: string;

     

       244
       244
       +
       }

     

       245
       245
       +
       

     

       246
       246
       +
       export function emailChangeTemplate(options: EmailChangeOptions): string {

     

       247
       247
       +
       	const greeting = options.name ? `Hi ${options.name}` : "Hi there";

     

       248
       248
       +
       

     

       249
       249
       +
       	return `

     

       250
       250
       +
       <!DOCTYPE html>

     

       251
       251
       +
       <html lang="en">

     

       252
       252
       +
       <head>

     

       253
       253
       +
         <meta charset="UTF-8">

     

       254
       254
       +
         <meta name="viewport" content="width=device-width, initial-scale=1.0">

     

       255
       255
       +
         <title>Verify Email Change - Thistle</title>

     

       256
       256
       +
         <style>${baseStyles}</style>

     

       257
       257
       +
       </head>

     

       258
       258
       +
       <body>

     

       259
       259
       +
         <div class="container">

     

       260
       260
       +
           <div class="header">

     

       261
       261
       +
             <h1>🪻 Thistle</h1>

     

       262
       262
       +
           </div>

     

       263
       263
       +
           <div class="content">

     

       264
       264
       +
             <h2>${greeting}!</h2>

     

       265
       265
       +
             <p>You requested to change your email address.</p>

     

       266
       266
       +
             

     

       267
       267
       +
             <div class="info-box">

     

       268
       268
       +
               <p class="info-box-label">Current Email</p>

     

       269
       269
       +
               <p class="info-box-value">${options.currentEmail}</p>

     

       270
       270
       +
               <hr class="info-box-divider">

     

       271
       271
       +
               <p class="info-box-label">New Email</p>

     

       272
       272
       +
               <p class="info-box-value">${options.newEmail}</p>

     

       273
       273
       +
             </div>

     

       274
       274
       +
       

     

       275
       275
       +
             <p>Click the button below to confirm this change:</p>

     

       276
       276
       +
       

     

       277
       277
       +
             <p style="text-align: center; margin-top: 1.5rem; margin-bottom: 0;">

     

       278
       278
       +
               <a href="${options.verifyLink}" class="button" style="display: inline-block; background-color: #ef8354; color: #ffffff; text-decoration: none; padding: 0.75rem 1.5rem; border-radius: 6px; font-weight: 500; font-size: 1rem; margin: 0; border: 2px solid #ef8354;">Verify Email Change</a>

     

       279
       279
       +
             </p>

     

       280
       280
       +
       

     

       281
       281
       +
             <p style="color: #4f5d75; font-size: 0.875rem; margin-top: 1.5rem;">

     

       282
       282
       +
               If the button doesn't work, copy and paste this link into your browser:<br>

     

       283
       283
       +
               <a href="${options.verifyLink}" style="color: #4f5d75; word-break: break-all;">${options.verifyLink}</a>

     

       284
       284
       +
             </p>

     

       285
       285
       +
       

     

       286
       286
       +
             <p style="color: #4f5d75; font-size: 0.875rem;">

     

       287
       287
       +
               This link will expire in 24 hours.

     

       288
       288
       +
             </p>

     

       289
       289
       +
           </div>

     

       290
       290
       +
           <div class="footer">

     

       291
       291
       +
             <p>If you didn't request this change, please ignore this email and your email address will remain unchanged.</p>

     

       292
       292
       +
           </div>

     

       293
       293
       +
         </div>

     

       294
       294
       +
       </body>

     

       295
       295
       +
       </html>

     

       296
       296
       +
         `.trim();

     

       297
       297
       +
       }

+22 -21

src/lib/email-verification.test.ts

···

       1
       1
       -
       import { describe, test, expect, beforeEach, afterEach } from "bun:test";

     

       1
       1
       +
       import { afterEach, beforeEach, describe, expect, test } from "bun:test";

     

       2
       2
        
       import db from "../db/schema";

     

       3
       3
        
       import {

     

       4
       4
       -
       	createUser,

     

       4
       4
       +
       	consumePasswordResetToken,

     

       5
       5
        
       	createEmailVerificationToken,

     

       6
       6
       -
       	verifyEmailToken,

     

       6
       6
       +
       	createPasswordResetToken,

     

       7
       7
       +
       	createUser,

     

       7
       8
        
       	isEmailVerified,

     

       8
       8
       -
       	createPasswordResetToken,

     

       9
       9
       +
       	verifyEmailToken,

     

       9
       10
        
       	verifyPasswordResetToken,

     

       10
       10
       -
       	consumePasswordResetToken,

     

       11
       11
        
       } from "./auth";

     

       12
       12
        
       

     

       13
       13
        
       describe("Email Verification", () => {

     
···

       23
       23
        
       	afterEach(() => {

     

       24
       24
        
       		// Cleanup

     

       25
       25
        
       		db.run("DELETE FROM users WHERE email = ?", [testEmail]);

     

       26
       26
       -
       		db.run("DELETE FROM email_verification_tokens WHERE user_id = ?", [

     

       27
       27
       -
       			userId,

     

       28
       28
       -
       		]);

     

       26
       26
       +
       		db.run("DELETE FROM email_verification_tokens WHERE user_id = ?", [userId]);

     

       29
       27
        
       	});

     

       30
       28
        
       

     

       31
       29
        
       	test("creates verification token", () => {

     

       32
       32
       -
       		const token = createEmailVerificationToken(userId);

     

       33
       33
       -
       		expect(token).toBeDefined();

     

       34
       34
       -
       		expect(typeof token).toBe("string");

     

       35
       35
       -
       		expect(token.length).toBeGreaterThan(0);

     

       30
       30
       +
       		const result = createEmailVerificationToken(userId);

     

       31
       31
       +
       		expect(result).toBeDefined();

     

       32
       32
       +
       		expect(typeof result).toBe("object");

     

       33
       33
       +
       		expect(typeof result.code).toBe("string");

     

       34
       34
       +
       		expect(typeof result.token).toBe("string");

     

       35
       35
       +
       		expect(typeof result.sentAt).toBe("number");

     

       36
       36
       +
       		expect(result.code.length).toBe(6);

     

       36
       37
        
       	});

     

       37
       38
        
       

     

       38
       39
        
       	test("verifies valid token", () => {

     

       39
       39
       -
       		const token = createEmailVerificationToken(userId);

     

       40
       40
       +
       		const { token } = createEmailVerificationToken(userId);

     

       40
       41
        
       		const result = verifyEmailToken(token);

     

       41
       42
        
       

     

       42
       43
        
       		expect(result).not.toBeNull();

     
···

       52
       53
        
       	});

     

       53
       54
        
       

     

       54
       55
        
       	test("token is one-time use", () => {

     

       55
       55
       -
       		const token = createEmailVerificationToken(userId);

     

       56
       56
       +
       		const { token } = createEmailVerificationToken(userId);

     

       56
       57
        
       

     

       57
       58
        
       		// First use succeeds

     

       58
       59
        
       		const firstResult = verifyEmailToken(token);

     
···

       64
       65
        
       	});

     

       65
       66
        
       

     

       66
       67
        
       	test("rejects expired token", () => {

     

       67
       67
       -
       		const token = createEmailVerificationToken(userId);

     

       68
       68
       +
       		const { token } = createEmailVerificationToken(userId);

     

       68
       69
        
       

     

       69
       70
        
       		// Manually expire the token

     

       70
       71
        
       		db.run(

     
···

       77
       78
        
       	});

     

       78
       79
        
       

     

       79
       80
        
       	test("replaces existing token when creating new one", () => {

     

       80
       80
       -
       		const token1 = createEmailVerificationToken(userId);

     

       81
       81
       -
       		const token2 = createEmailVerificationToken(userId);

     

       81
       81
       +
       		const { token: token1 } = createEmailVerificationToken(userId);

     

       82
       82
       +
       		const { token: token2 } = createEmailVerificationToken(userId);

     

       82
       83
        
       

     

       83
       84
        
       		// First token should be invalidated

     

       84
       85
        
       		expect(verifyEmailToken(token1)).toBeNull();

     
···

       138
       139
        
       		const token = createPasswordResetToken(userId);

     

       139
       140
        
       

     

       140
       141
        
       		// Manually expire the token

     

       141
       141
       -
       		db.run(

     

       142
       142
       -
       			"UPDATE password_reset_tokens SET expires_at = ? WHERE token = ?",

     

       143
       143
       -
       			[Math.floor(Date.now() / 1000) - 100, token],

     

       144
       144
       -
       		);

     

       142
       142
       +
       		db.run("UPDATE password_reset_tokens SET expires_at = ? WHERE token = ?", [

     

       143
       143
       +
       			Math.floor(Date.now() / 1000) - 100,

     

       144
       144
       +
       			token,

     

       145
       145
       +
       		]);

     

       145
       146
        
       

     

       146
       147
        
       		const verifiedUserId = verifyPasswordResetToken(token);

     

       147
       148
        
       		expect(verifiedUserId).toBeNull();

+11 -14

src/lib/email.ts

···

       25
       25
        
        * Send an email via MailChannels

     

       26
       26
        
        */

     

       27
       27
        
       export async function sendEmail(options: SendEmailOptions): Promise<void> {

     

       28
       28
       +
       	// Skip sending emails in test mode

     

       29
       29
       +
       	if (process.env.NODE_ENV === "test" || process.env.SKIP_EMAILS === "true") {

     

       30
       30
       +
       		console.log(

     

       31
       31
       +
       			`[Email] SKIPPED (test mode): "${options.subject}" to ${typeof options.to === "string" ? options.to : options.to.email}`,

     

       32
       32
       +
       		);

     

       33
       33
       +
       		return;

     

       34
       34
       +
       	}

     

       35
       35
       +
       

     

       28
       36
        
       	const fromEmail = process.env.SMTP_FROM_EMAIL || "noreply@thistle.app";

     

       29
       37
        
       	const fromName = process.env.SMTP_FROM_NAME || "Thistle";

     

       30
       38
        
       	const dkimDomain = process.env.DKIM_DOMAIN || "thistle.app";

     

       31
       31
       -
       	const dkimPrivateKey = process.env.DKIM_PRIVATE_KEY;

     

       32
       32
       -
       	const mailchannelsApiKey = process.env.MAILCHANNELS_API_KEY;

     

       33
       33
       -
       

     

       34
       34
       -
       	if (!dkimPrivateKey) {

     

       35
       35
       -
       		throw new Error(

     

       36
       36
       -
       			"DKIM_PRIVATE_KEY environment variable is required for sending emails",

     

       37
       37
       -
       		);

     

       38
       38
       -
       	}

     

       39
       39
       -
       

     

       40
       40
       -
       	if (!mailchannelsApiKey) {

     

       41
       41
       -
       		throw new Error(

     

       42
       42
       -
       			"MAILCHANNELS_API_KEY environment variable is required for sending emails",

     

       43
       43
       -
       		);

     

       44
       44
       -
       	}

     

       39
       39
       +
       	// Validated at startup

     

       40
       40
       +
       	const dkimPrivateKey = process.env.DKIM_PRIVATE_KEY as string;

     

       41
       41
       +
       	const mailchannelsApiKey = process.env.MAILCHANNELS_API_KEY as string;

     

       45
       42
        
       

     

       46
       43
        
       	// Normalize recipient

     

       47
       44
        
       	const recipient =

+12 -10

src/lib/rate-limit.ts

···

       109
       109
        
       	return null; // Allowed

     

       110
       110
        
       }

     

       111
       111
        
       

     

       112
       112
       -
       export function clearRateLimit(endpoint: string, email?: string, ipAddress?: string): void {

     

       112
       112
       +
       export function clearRateLimit(

     

       113
       113
       +
       	endpoint: string,

     

       114
       114
       +
       	email?: string,

     

       115
       115
       +
       	ipAddress?: string,

     

       116
       116
       +
       ): void {

     

       113
       117
        
       	// Clear account-based rate limits

     

       114
       118
        
       	if (email) {

     

       115
       115
       -
       		db.run(

     

       116
       116
       -
       			"DELETE FROM rate_limit_attempts WHERE key = ?",

     

       117
       117
       -
       			[`${endpoint}:account:${email.toLowerCase()}`]

     

       118
       118
       -
       		);

     

       119
       119
       +
       		db.run("DELETE FROM rate_limit_attempts WHERE key = ?", [

     

       120
       120
       +
       			`${endpoint}:account:${email.toLowerCase()}`,

     

       121
       121
       +
       		]);

     

       119
       122
        
       	}

     

       120
       120
       -
       	

     

       123
       123
       +
       

     

       121
       124
        
       	// Clear IP-based rate limits

     

       122
       125
        
       	if (ipAddress) {

     

       123
       123
       -
       		db.run(

     

       124
       124
       -
       			"DELETE FROM rate_limit_attempts WHERE key = ?",

     

       125
       125
       -
       			[`${endpoint}:ip:${ipAddress}`]

     

       126
       126
       -
       		);

     

       126
       126
       +
       		db.run("DELETE FROM rate_limit_attempts WHERE key = ?", [

     

       127
       127
       +
       			`${endpoint}:ip:${ipAddress}`,

     

       128
       128
       +
       		]);

     

       127
       129
        
       	}

     

       128
       130
        
       }

     

       129
       131

+2 -2

src/lib/subscription-routes.test.ts

···

       29
       29
        
       			headers: { Cookie: sessionCookie },

     

       30
       30
        
       		});

     

       31
       31
        
       

     

       32
       32
       -
       		expect(response.status).toBe(500);

     

       32
       32
       +
       		expect(response.status).toBe(403);

     

       33
       33
        
       		const data = await response.json();

     

       34
       34
        
       		expect(data.error).toContain("subscription");

     

       35
       35
        
       	});

     
···

       74
       74
        
       			body: formData,

     

       75
       75
        
       		});

     

       76
       76
        
       

     

       77
       77
       -
       		expect(response.status).toBe(500);

     

       77
       77
       +
       		expect(response.status).toBe(403);

     

       78
       78
        
       		const data = await response.json();

     

       79
       79
        
       		expect(data.error).toContain("subscription");

     

       80
       80
        
       	});

+21 -6

src/lib/transcription.ts

···

       502
       502
        
       

     

       503
       503
        
       	private async deleteWhisperJob(jobId: string) {

     

       504
       504
        
       		try {

     

       505
       505
       -
       			const response = await fetch(

     

       506
       506
       -
       				`${this.serviceUrl}/transcribe/${jobId}`,

     

       507
       507
       -
       				{

     

       508
       508
       -
       					method: "DELETE",

     

       509
       509
       -
       				},

     

       510
       510
       -
       			);

     

       505
       505
       +
       			const response = await fetch(`${this.serviceUrl}/transcribe/${jobId}`, {

     

       506
       506
       +
       				method: "DELETE",

     

       507
       507
       +
       			});

     

       511
       508
        
       			if (response.ok) {

     

       512
       509
        
       				console.log(`[Cleanup] Deleted job ${jobId} from Murmur`);

     

       513
       510
        
       			} else {

     
···

       671
       668
        
       		} catch (error) {

     

       672
       669
        
       			console.error("[Cleanup] Failed:", error);

     

       673
       670
        
       		}

     

       671
       671
       +
       	}

     

       672
       672
       +
       

     

       673
       673
       +
       	stop(): void {

     

       674
       674
       +
       		console.log("[Transcription] Closing active streams...");

     

       675
       675
       +
       		// Close all active SSE streams to Murmur

     

       676
       676
       +
       		for (const [transcriptionId, stream] of this.activeStreams.entries()) {

     

       677
       677
       +
       			try {

     

       678
       678
       +
       				stream.close();

     

       679
       679
       +
       				this.streamLocks.delete(transcriptionId);

     

       680
       680
       +
       			} catch (error) {

     

       681
       681
       +
       				console.error(

     

       682
       682
       +
       					`[Transcription] Error closing stream ${transcriptionId}:`,

     

       683
       683
       +
       					error,

     

       684
       684
       +
       				);

     

       685
       685
       +
       			}

     

       686
       686
       +
       		}

     

       687
       687
       +
       		this.activeStreams.clear();

     

       688
       688
       +
       		console.log("[Transcription] All streams closed");

     

       674
       689
        
       	}

     

       675
       690
        
       }

+118

src/lib/validation.test.ts

···

       1
       1
       +
       import { expect, test } from "bun:test";

     

       2
       2
       +
       import {

     

       3
       3
       +
       	validateClassId,

     

       4
       4
       +
       	validateCourseCode,

     

       5
       5
       +
       	validateCourseName,

     

       6
       6
       +
       	validateEmail,

     

       7
       7
       +
       	validateName,

     

       8
       8
       +
       	validatePasswordHash,

     

       9
       9
       +
       	validateSemester,

     

       10
       10
       +
       	validateYear,

     

       11
       11
       +
       } from "./validation";

     

       12
       12
       +
       

     

       13
       13
       +
       test("validateEmail accepts valid emails", () => {

     

       14
       14
       +
       	expect(validateEmail("test@example.com").valid).toBe(true);

     

       15
       15
       +
       	expect(validateEmail("user.name+tag@example.co.uk").valid).toBe(true);

     

       16
       16
       +
       	expect(validateEmail("test@subdomain.example.com").valid).toBe(true);

     

       17
       17
       +
       });

     

       18
       18
       +
       

     

       19
       19
       +
       test("validateEmail rejects invalid emails", () => {

     

       20
       20
       +
       	expect(validateEmail("").valid).toBe(false);

     

       21
       21
       +
       	expect(validateEmail("not-an-email").valid).toBe(false);

     

       22
       22
       +
       	expect(validateEmail("@example.com").valid).toBe(false);

     

       23
       23
       +
       	expect(validateEmail("test@").valid).toBe(false);

     

       24
       24
       +
       	expect(validateEmail("a".repeat(321)).valid).toBe(false); // Too long

     

       25
       25
       +
       	expect(validateEmail(123).valid).toBe(false); // Not a string

     

       26
       26
       +
       });

     

       27
       27
       +
       

     

       28
       28
       +
       test("validateName accepts valid names", () => {

     

       29
       29
       +
       	expect(validateName("John Doe").valid).toBe(true);

     

       30
       30
       +
       	expect(validateName("Alice").valid).toBe(true);

     

       31
       31
       +
       	expect(validateName("María García").valid).toBe(true);

     

       32
       32
       +
       });

     

       33
       33
       +
       

     

       34
       34
       +
       test("validateName rejects invalid names", () => {

     

       35
       35
       +
       	expect(validateName("").valid).toBe(false);

     

       36
       36
       +
       	expect(validateName("   ").valid).toBe(false); // Whitespace only

     

       37
       37
       +
       	expect(validateName("a".repeat(256)).valid).toBe(false); // Too long

     

       38
       38
       +
       	expect(validateName(123).valid).toBe(false); // Not a string

     

       39
       39
       +
       });

     

       40
       40
       +
       

     

       41
       41
       +
       test("validatePasswordHash accepts valid PBKDF2 hashes", () => {

     

       42
       42
       +
       	const validHash = "a".repeat(64); // 64 char hex string

     

       43
       43
       +
       	expect(validatePasswordHash(validHash).valid).toBe(true);

     

       44
       44
       +
       	expect(validatePasswordHash("0123456789abcdef".repeat(4)).valid).toBe(true);

     

       45
       45
       +
       });

     

       46
       46
       +
       

     

       47
       47
       +
       test("validatePasswordHash rejects invalid hashes", () => {

     

       48
       48
       +
       	expect(validatePasswordHash("short").valid).toBe(false);

     

       49
       49
       +
       	expect(validatePasswordHash("a".repeat(63)).valid).toBe(false); // Too short

     

       50
       50
       +
       	expect(validatePasswordHash("a".repeat(65)).valid).toBe(false); // Too long

     

       51
       51
       +
       	expect(validatePasswordHash("g".repeat(64)).valid).toBe(false); // Invalid hex

     

       52
       52
       +
       	expect(validatePasswordHash(123).valid).toBe(false); // Not a string

     

       53
       53
       +
       });

     

       54
       54
       +
       

     

       55
       55
       +
       test("validateCourseCode accepts valid course codes", () => {

     

       56
       56
       +
       	expect(validateCourseCode("CS101").valid).toBe(true);

     

       57
       57
       +
       	expect(validateCourseCode("MATH 2410").valid).toBe(true);

     

       58
       58
       +
       	expect(validateCourseCode("BIO-101").valid).toBe(true);

     

       59
       59
       +
       });

     

       60
       60
       +
       

     

       61
       61
       +
       test("validateCourseCode rejects invalid course codes", () => {

     

       62
       62
       +
       	expect(validateCourseCode("").valid).toBe(false);

     

       63
       63
       +
       	expect(validateCourseCode("   ").valid).toBe(false);

     

       64
       64
       +
       	expect(validateCourseCode("a".repeat(51)).valid).toBe(false); // Too long

     

       65
       65
       +
       	expect(validateCourseCode(123).valid).toBe(false); // Not a string

     

       66
       66
       +
       });

     

       67
       67
       +
       

     

       68
       68
       +
       test("validateCourseName accepts valid course names", () => {

     

       69
       69
       +
       	expect(validateCourseName("Introduction to Computer Science").valid).toBe(

     

       70
       70
       +
       		true,

     

       71
       71
       +
       	);

     

       72
       72
       +
       	expect(validateCourseName("Calculus I").valid).toBe(true);

     

       73
       73
       +
       });

     

       74
       74
       +
       

     

       75
       75
       +
       test("validateCourseName rejects invalid course names", () => {

     

       76
       76
       +
       	expect(validateCourseName("").valid).toBe(false);

     

       77
       77
       +
       	expect(validateCourseName("   ").valid).toBe(false);

     

       78
       78
       +
       	expect(validateCourseName("a".repeat(501)).valid).toBe(false); // Too long

     

       79
       79
       +
       	expect(validateCourseName(123).valid).toBe(false); // Not a string

     

       80
       80
       +
       });

     

       81
       81
       +
       

     

       82
       82
       +
       test("validateSemester accepts valid semesters", () => {

     

       83
       83
       +
       	expect(validateSemester("Fall").valid).toBe(true);

     

       84
       84
       +
       	expect(validateSemester("spring").valid).toBe(true); // Case insensitive

     

       85
       85
       +
       	expect(validateSemester("SUMMER").valid).toBe(true);

     

       86
       86
       +
       	expect(validateSemester("Winter").valid).toBe(true);

     

       87
       87
       +
       });

     

       88
       88
       +
       

     

       89
       89
       +
       test("validateSemester rejects invalid semesters", () => {

     

       90
       90
       +
       	expect(validateSemester("").valid).toBe(false);

     

       91
       91
       +
       	expect(validateSemester("Invalid").valid).toBe(false);

     

       92
       92
       +
       	expect(validateSemester("Autumn").valid).toBe(false);

     

       93
       93
       +
       	expect(validateSemester(123).valid).toBe(false); // Not a string

     

       94
       94
       +
       });

     

       95
       95
       +
       

     

       96
       96
       +
       test("validateYear accepts valid years", () => {

     

       97
       97
       +
       	const currentYear = new Date().getFullYear();

     

       98
       98
       +
       	expect(validateYear(currentYear).valid).toBe(true);

     

       99
       99
       +
       	expect(validateYear(2024).valid).toBe(true);

     

       100
       100
       +
       	expect(validateYear(currentYear + 1).valid).toBe(true);

     

       101
       101
       +
       });

     

       102
       102
       +
       

     

       103
       103
       +
       test("validateYear rejects invalid years", () => {

     

       104
       104
       +
       	expect(validateYear(1999).valid).toBe(false); // Too old

     

       105
       105
       +
       	expect(validateYear(2050).valid).toBe(false); // Too far in future

     

       106
       106
       +
       	expect(validateYear("2024").valid).toBe(false); // Not a number

     

       107
       107
       +
       });

     

       108
       108
       +
       

     

       109
       109
       +
       test("validateClassId accepts valid class IDs", () => {

     

       110
       110
       +
       	expect(validateClassId("abc123").valid).toBe(true);

     

       111
       111
       +
       	expect(validateClassId("class-2024-fall").valid).toBe(true);

     

       112
       112
       +
       });

     

       113
       113
       +
       

     

       114
       114
       +
       test("validateClassId rejects invalid class IDs", () => {

     

       115
       115
       +
       	expect(validateClassId("").valid).toBe(false);

     

       116
       116
       +
       	expect(validateClassId("a".repeat(101)).valid).toBe(false); // Too long

     

       117
       117
       +
       	expect(validateClassId(123).valid).toBe(false); // Not a string

     

       118
       118
       +
       });

+223

src/lib/validation.ts

···

       1
       1
       +
       /**

     

       2
       2
       +
        * Input validation utilities

     

       3
       3
       +
        */

     

       4
       4
       +
       

     

       5
       5
       +
       // RFC 5322 compliant email regex (simplified but comprehensive)

     

       6
       6
       +
       const EMAIL_REGEX =

     

       7
       7
       +
       	/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;

     

       8
       8
       +
       

     

       9
       9
       +
       // Validation limits

     

       10
       10
       +
       export const VALIDATION_LIMITS = {

     

       11
       11
       +
       	EMAIL_MAX: 320, // RFC 5321

     

       12
       12
       +
       	NAME_MAX: 255,

     

       13
       13
       +
       	PASSWORD_HASH_LENGTH: 64, // PBKDF2 hex output

     

       14
       14
       +
       	COURSE_CODE_MAX: 50,

     

       15
       15
       +
       	COURSE_NAME_MAX: 500,

     

       16
       16
       +
       	PROFESSOR_NAME_MAX: 255,

     

       17
       17
       +
       	SEMESTER_MAX: 50,

     

       18
       18
       +
       	CLASS_ID_MAX: 100,

     

       19
       19
       +
       };

     

       20
       20
       +
       

     

       21
       21
       +
       export interface ValidationResult {

     

       22
       22
       +
       	valid: boolean;

     

       23
       23
       +
       	error?: string;

     

       24
       24
       +
       }

     

       25
       25
       +
       

     

       26
       26
       +
       /**

     

       27
       27
       +
        * Validate email address

     

       28
       28
       +
        */

     

       29
       29
       +
       export function validateEmail(email: unknown): ValidationResult {

     

       30
       30
       +
       	if (typeof email !== "string") {

     

       31
       31
       +
       		return { valid: false, error: "Email must be a string" };

     

       32
       32
       +
       	}

     

       33
       33
       +
       

     

       34
       34
       +
       	const trimmed = email.trim();

     

       35
       35
       +
       

     

       36
       36
       +
       	if (trimmed.length === 0) {

     

       37
       37
       +
       		return { valid: false, error: "Email is required" };

     

       38
       38
       +
       	}

     

       39
       39
       +
       

     

       40
       40
       +
       	if (trimmed.length > VALIDATION_LIMITS.EMAIL_MAX) {

     

       41
       41
       +
       		return {

     

       42
       42
       +
       			valid: false,

     

       43
       43
       +
       			error: `Email must be less than ${VALIDATION_LIMITS.EMAIL_MAX} characters`,

     

       44
       44
       +
       		};

     

       45
       45
       +
       	}

     

       46
       46
       +
       

     

       47
       47
       +
       	if (!EMAIL_REGEX.test(trimmed)) {

     

       48
       48
       +
       		return { valid: false, error: "Invalid email format" };

     

       49
       49
       +
       	}

     

       50
       50
       +
       

     

       51
       51
       +
       	return { valid: true };

     

       52
       52
       +
       }

     

       53
       53
       +
       

     

       54
       54
       +
       /**

     

       55
       55
       +
        * Validate name (user name, professor name, etc.)

     

       56
       56
       +
        */

     

       57
       57
       +
       export function validateName(

     

       58
       58
       +
       	name: unknown,

     

       59
       59
       +
       	fieldName = "Name",

     

       60
       60
       +
       ): ValidationResult {

     

       61
       61
       +
       	if (typeof name !== "string") {

     

       62
       62
       +
       		return { valid: false, error: `${fieldName} must be a string` };

     

       63
       63
       +
       	}

     

       64
       64
       +
       

     

       65
       65
       +
       	const trimmed = name.trim();

     

       66
       66
       +
       

     

       67
       67
       +
       	if (trimmed.length === 0) {

     

       68
       68
       +
       		return { valid: false, error: `${fieldName} is required` };

     

       69
       69
       +
       	}

     

       70
       70
       +
       

     

       71
       71
       +
       	if (trimmed.length > VALIDATION_LIMITS.NAME_MAX) {

     

       72
       72
       +
       		return {

     

       73
       73
       +
       			valid: false,

     

       74
       74
       +
       			error: `${fieldName} must be less than ${VALIDATION_LIMITS.NAME_MAX} characters`,

     

       75
       75
       +
       		};

     

       76
       76
       +
       	}

     

       77
       77
       +
       

     

       78
       78
       +
       	return { valid: true };

     

       79
       79
       +
       }

     

       80
       80
       +
       

     

       81
       81
       +
       /**

     

       82
       82
       +
        * Validate password hash format (client-side PBKDF2)

     

       83
       83
       +
        */

     

       84
       84
       +
       export function validatePasswordHash(password: unknown): ValidationResult {

     

       85
       85
       +
       	if (typeof password !== "string") {

     

       86
       86
       +
       		return { valid: false, error: "Password must be a string" };

     

       87
       87
       +
       	}

     

       88
       88
       +
       

     

       89
       89
       +
       	// Client sends PBKDF2 as hex string

     

       90
       90
       +
       	if (

     

       91
       91
       +
       		password.length !== VALIDATION_LIMITS.PASSWORD_HASH_LENGTH ||

     

       92
       92
       +
       		!/^[0-9a-f]+$/.test(password)

     

       93
       93
       +
       	) {

     

       94
       94
       +
       		return { valid: false, error: "Invalid password format" };

     

       95
       95
       +
       	}

     

       96
       96
       +
       

     

       97
       97
       +
       	return { valid: true };

     

       98
       98
       +
       }

     

       99
       99
       +
       

     

       100
       100
       +
       /**

     

       101
       101
       +
        * Validate course code

     

       102
       102
       +
        */

     

       103
       103
       +
       export function validateCourseCode(courseCode: unknown): ValidationResult {

     

       104
       104
       +
       	if (typeof courseCode !== "string") {

     

       105
       105
       +
       		return { valid: false, error: "Course code must be a string" };

     

       106
       106
       +
       	}

     

       107
       107
       +
       

     

       108
       108
       +
       	const trimmed = courseCode.trim();

     

       109
       109
       +
       

     

       110
       110
       +
       	if (trimmed.length === 0) {

     

       111
       111
       +
       		return { valid: false, error: "Course code is required" };

     

       112
       112
       +
       	}

     

       113
       113
       +
       

     

       114
       114
       +
       	if (trimmed.length > VALIDATION_LIMITS.COURSE_CODE_MAX) {

     

       115
       115
       +
       		return {

     

       116
       116
       +
       			valid: false,

     

       117
       117
       +
       			error: `Course code must be less than ${VALIDATION_LIMITS.COURSE_CODE_MAX} characters`,

     

       118
       118
       +
       		};

     

       119
       119
       +
       	}

     

       120
       120
       +
       

     

       121
       121
       +
       	return { valid: true };

     

       122
       122
       +
       }

     

       123
       123
       +
       

     

       124
       124
       +
       /**

     

       125
       125
       +
        * Validate course/class name

     

       126
       126
       +
        */

     

       127
       127
       +
       export function validateCourseName(courseName: unknown): ValidationResult {

     

       128
       128
       +
       	if (typeof courseName !== "string") {

     

       129
       129
       +
       		return { valid: false, error: "Course name must be a string" };

     

       130
       130
       +
       	}

     

       131
       131
       +
       

     

       132
       132
       +
       	const trimmed = courseName.trim();

     

       133
       133
       +
       

     

       134
       134
       +
       	if (trimmed.length === 0) {

     

       135
       135
       +
       		return { valid: false, error: "Course name is required" };

     

       136
       136
       +
       	}

     

       137
       137
       +
       

     

       138
       138
       +
       	if (trimmed.length > VALIDATION_LIMITS.COURSE_NAME_MAX) {

     

       139
       139
       +
       		return {

     

       140
       140
       +
       			valid: false,

     

       141
       141
       +
       			error: `Course name must be less than ${VALIDATION_LIMITS.COURSE_NAME_MAX} characters`,

     

       142
       142
       +
       		};

     

       143
       143
       +
       	}

     

       144
       144
       +
       

     

       145
       145
       +
       	return { valid: true };

     

       146
       146
       +
       }

     

       147
       147
       +
       

     

       148
       148
       +
       /**

     

       149
       149
       +
        * Validate semester

     

       150
       150
       +
        */

     

       151
       151
       +
       export function validateSemester(semester: unknown): ValidationResult {

     

       152
       152
       +
       	if (typeof semester !== "string") {

     

       153
       153
       +
       		return { valid: false, error: "Semester must be a string" };

     

       154
       154
       +
       	}

     

       155
       155
       +
       

     

       156
       156
       +
       	const trimmed = semester.trim();

     

       157
       157
       +
       

     

       158
       158
       +
       	if (trimmed.length === 0) {

     

       159
       159
       +
       		return { valid: false, error: "Semester is required" };

     

       160
       160
       +
       	}

     

       161
       161
       +
       

     

       162
       162
       +
       	if (trimmed.length > VALIDATION_LIMITS.SEMESTER_MAX) {

     

       163
       163
       +
       		return {

     

       164
       164
       +
       			valid: false,

     

       165
       165
       +
       			error: `Semester must be less than ${VALIDATION_LIMITS.SEMESTER_MAX} characters`,

     

       166
       166
       +
       		};

     

       167
       167
       +
       	}

     

       168
       168
       +
       

     

       169
       169
       +
       	// Optional: validate it's a known semester value

     

       170
       170
       +
       	const validSemesters = ["fall", "spring", "summer", "winter"];

     

       171
       171
       +
       	if (!validSemesters.includes(trimmed.toLowerCase())) {

     

       172
       172
       +
       		return {

     

       173
       173
       +
       			valid: false,

     

       174
       174
       +
       			error: "Semester must be Fall, Spring, Summer, or Winter",

     

       175
       175
       +
       		};

     

       176
       176
       +
       	}

     

       177
       177
       +
       

     

       178
       178
       +
       	return { valid: true };

     

       179
       179
       +
       }

     

       180
       180
       +
       

     

       181
       181
       +
       /**

     

       182
       182
       +
        * Validate year

     

       183
       183
       +
        */

     

       184
       184
       +
       export function validateYear(year: unknown): ValidationResult {

     

       185
       185
       +
       	if (typeof year !== "number") {

     

       186
       186
       +
       		return { valid: false, error: "Year must be a number" };

     

       187
       187
       +
       	}

     

       188
       188
       +
       

     

       189
       189
       +
       	const currentYear = new Date().getFullYear();

     

       190
       190
       +
       	const minYear = 2000;

     

       191
       191
       +
       	const maxYear = currentYear + 5;

     

       192
       192
       +
       

     

       193
       193
       +
       	if (year < minYear || year > maxYear) {

     

       194
       194
       +
       		return {

     

       195
       195
       +
       			valid: false,

     

       196
       196
       +
       			error: `Year must be between ${minYear} and ${maxYear}`,

     

       197
       197
       +
       		};

     

       198
       198
       +
       	}

     

       199
       199
       +
       

     

       200
       200
       +
       	return { valid: true };

     

       201
       201
       +
       }

     

       202
       202
       +
       

     

       203
       203
       +
       /**

     

       204
       204
       +
        * Validate class ID format

     

       205
       205
       +
        */

     

       206
       206
       +
       export function validateClassId(classId: unknown): ValidationResult {

     

       207
       207
       +
       	if (typeof classId !== "string") {

     

       208
       208
       +
       		return { valid: false, error: "Class ID must be a string" };

     

       209
       209
       +
       	}

     

       210
       210
       +
       

     

       211
       211
       +
       	if (classId.length === 0) {

     

       212
       212
       +
       		return { valid: false, error: "Class ID is required" };

     

       213
       213
       +
       	}

     

       214
       214
       +
       

     

       215
       215
       +
       	if (classId.length > VALIDATION_LIMITS.CLASS_ID_MAX) {

     

       216
       216
       +
       		return {

     

       217
       217
       +
       			valid: false,

     

       218
       218
       +
       			error: `Class ID must be less than ${VALIDATION_LIMITS.CLASS_ID_MAX} characters`,

     

       219
       219
       +
       		};

     

       220
       220
       +
       	}

     

       221
       221
       +
       

     

       222
       222
       +
       	return { valid: true };

     

       223
       223
       +
       }

+227

src/lib/voting.ts

···

       1
       1
       +
       import { nanoid } from "nanoid";

     

       2
       2
       +
       import db from "../db/schema";

     

       3
       3
       +
       

     

       4
       4
       +
       /**

     

       5
       5
       +
        * Vote for a recording

     

       6
       6
       +
        * Returns true if vote was recorded, false if already voted

     

       7
       7
       +
        */

     

       8
       8
       +
       export function voteForRecording(

     

       9
       9
       +
       	transcriptionId: string,

     

       10
       10
       +
       	userId: number,

     

       11
       11
       +
       ): boolean {

     

       12
       12
       +
       	try {

     

       13
       13
       +
       		const voteId = nanoid();

     

       14
       14
       +
       		db.run(

     

       15
       15
       +
       			"INSERT INTO recording_votes (id, transcription_id, user_id) VALUES (?, ?, ?)",

     

       16
       16
       +
       			[voteId, transcriptionId, userId],

     

       17
       17
       +
       		);

     

       18
       18
       +
       

     

       19
       19
       +
       		// Increment vote count on transcription

     

       20
       20
       +
       		db.run(

     

       21
       21
       +
       			"UPDATE transcriptions SET vote_count = vote_count + 1 WHERE id = ?",

     

       22
       22
       +
       			[transcriptionId],

     

       23
       23
       +
       		);

     

       24
       24
       +
       

     

       25
       25
       +
       		return true;

     

       26
       26
       +
       	} catch (error) {

     

       27
       27
       +
       		// Unique constraint violation means user already voted

     

       28
       28
       +
       		if (

     

       29
       29
       +
       			error instanceof Error &&

     

       30
       30
       +
       			error.message.includes("UNIQUE constraint failed")

     

       31
       31
       +
       		) {

     

       32
       32
       +
       			return false;

     

       33
       33
       +
       		}

     

       34
       34
       +
       		throw error;

     

       35
       35
       +
       	}

     

       36
       36
       +
       }

     

       37
       37
       +
       

     

       38
       38
       +
       /**

     

       39
       39
       +
        * Remove vote for a recording

     

       40
       40
       +
        */

     

       41
       41
       +
       export function removeVote(transcriptionId: string, userId: number): boolean {

     

       42
       42
       +
       	const result = db.run(

     

       43
       43
       +
       		"DELETE FROM recording_votes WHERE transcription_id = ? AND user_id = ?",

     

       44
       44
       +
       		[transcriptionId, userId],

     

       45
       45
       +
       	);

     

       46
       46
       +
       

     

       47
       47
       +
       	if (result.changes > 0) {

     

       48
       48
       +
       		// Decrement vote count on transcription

     

       49
       49
       +
       		db.run(

     

       50
       50
       +
       			"UPDATE transcriptions SET vote_count = vote_count - 1 WHERE id = ?",

     

       51
       51
       +
       			[transcriptionId],

     

       52
       52
       +
       		);

     

       53
       53
       +
       		return true;

     

       54
       54
       +
       	}

     

       55
       55
       +
       

     

       56
       56
       +
       	return false;

     

       57
       57
       +
       }

     

       58
       58
       +
       

     

       59
       59
       +
       /**

     

       60
       60
       +
        * Get user's vote for a specific class meeting time

     

       61
       61
       +
        */

     

       62
       62
       +
       export function getUserVoteForMeeting(

     

       63
       63
       +
       	userId: number,

     

       64
       64
       +
       	classId: string,

     

       65
       65
       +
       	meetingTimeId: string,

     

       66
       66
       +
       ): string | null {

     

       67
       67
       +
       	const result = db

     

       68
       68
       +
       		.query<

     

       69
       69
       +
       			{ transcription_id: string },

     

       70
       70
       +
       			[number, string, string]

     

       71
       71
       +
       		>(

     

       72
       72
       +
       			`SELECT rv.transcription_id 

     

       73
       73
       +
              FROM recording_votes rv

     

       74
       74
       +
              JOIN transcriptions t ON rv.transcription_id = t.id

     

       75
       75
       +
              WHERE rv.user_id = ? 

     

       76
       76
       +
                AND t.class_id = ? 

     

       77
       77
       +
                AND t.meeting_time_id = ?

     

       78
       78
       +
                AND t.status = 'pending'`,

     

       79
       79
       +
       		)

     

       80
       80
       +
       		.get(userId, classId, meetingTimeId);

     

       81
       81
       +
       

     

       82
       82
       +
       	return result?.transcription_id || null;

     

       83
       83
       +
       }

     

       84
       84
       +
       

     

       85
       85
       +
       /**

     

       86
       86
       +
        * Get all pending recordings for a class meeting time (filtered by section)

     

       87
       87
       +
        */

     

       88
       88
       +
       export function getPendingRecordings(

     

       89
       89
       +
       	classId: string,

     

       90
       90
       +
       	meetingTimeId: string,

     

       91
       91
       +
       	sectionId?: string | null,

     

       92
       92
       +
       ) {

     

       93
       93
       +
       	// Build query based on whether section filtering is needed

     

       94
       94
       +
       	let query = `SELECT id, user_id, filename, original_filename, vote_count, created_at, section_id

     

       95
       95
       +
              FROM transcriptions

     

       96
       96
       +
              WHERE class_id = ? 

     

       97
       97
       +
                AND meeting_time_id = ?

     

       98
       98
       +
                AND status = 'pending'`;

     

       99
       99
       +
       

     

       100
       100
       +
       	const params: (string | null)[] = [classId, meetingTimeId];

     

       101
       101
       +
       

     

       102
       102
       +
       	// Filter by section if provided (for voting - section-specific)

     

       103
       103
       +
       	if (sectionId !== undefined) {

     

       104
       104
       +
       		query += " AND (section_id = ? OR section_id IS NULL)";

     

       105
       105
       +
       		params.push(sectionId);

     

       106
       106
       +
       	}

     

       107
       107
       +
       

     

       108
       108
       +
       	query += " ORDER BY vote_count DESC, created_at ASC";

     

       109
       109
       +
       

     

       110
       110
       +
       	return db

     

       111
       111
       +
       		.query<

     

       112
       112
       +
       			{

     

       113
       113
       +
       				id: string;

     

       114
       114
       +
       				user_id: number;

     

       115
       115
       +
       				filename: string;

     

       116
       116
       +
       				original_filename: string;

     

       117
       117
       +
       				vote_count: number;

     

       118
       118
       +
       				created_at: number;

     

       119
       119
       +
       				section_id: string | null;

     

       120
       120
       +
       			},

     

       121
       121
       +
       			(string | null)[]

     

       122
       122
       +
       		>(query)

     

       123
       123
       +
       		.all(...params);

     

       124
       124
       +
       }

     

       125
       125
       +
       

     

       126
       126
       +
       /**

     

       127
       127
       +
        * Get total enrolled users count for a class

     

       128
       128
       +
        */

     

       129
       129
       +
       export function getEnrolledUserCount(classId: string): number {

     

       130
       130
       +
       	const result = db

     

       131
       131
       +
       		.query<{ count: number }, [string]>(

     

       132
       132
       +
       			"SELECT COUNT(*) as count FROM class_members WHERE class_id = ?",

     

       133
       133
       +
       		)

     

       134
       134
       +
       		.get(classId);

     

       135
       135
       +
       

     

       136
       136
       +
       	return result?.count || 0;

     

       137
       137
       +
       }

     

       138
       138
       +
       

     

       139
       139
       +
       /**

     

       140
       140
       +
        * Check if recording should be auto-submitted

     

       141
       141
       +
        * Returns winning recording ID if ready, null otherwise

     

       142
       142
       +
        */

     

       143
       143
       +
       export function checkAutoSubmit(

     

       144
       144
       +
       	classId: string,

     

       145
       145
       +
       	meetingTimeId: string,

     

       146
       146
       +
       	sectionId?: string | null,

     

       147
       147
       +
       ): string | null {

     

       148
       148
       +
       	const recordings = getPendingRecordings(classId, meetingTimeId, sectionId);

     

       149
       149
       +
       

     

       150
       150
       +
       	if (recordings.length === 0) {

     

       151
       151
       +
       		return null;

     

       152
       152
       +
       	}

     

       153
       153
       +
       

     

       154
       154
       +
       	const totalUsers = getEnrolledUserCount(classId);

     

       155
       155
       +
       	const now = Date.now() / 1000; // Current time in seconds

     

       156
       156
       +
       

     

       157
       157
       +
       	// Get the recording with most votes

     

       158
       158
       +
       	const topRecording = recordings[0];

     

       159
       159
       +
       	if (!topRecording) return null;

     

       160
       160
       +
       

     

       161
       161
       +
       	const uploadedAt = topRecording.created_at;

     

       162
       162
       +
       	const timeSinceUpload = now - uploadedAt;

     

       163
       163
       +
       

     

       164
       164
       +
       	// Auto-submit if:

     

       165
       165
       +
       	// 1. 30 minutes have passed since first upload, OR

     

       166
       166
       +
       	// 2. 40% of enrolled users have voted for the top recording

     

       167
       167
       +
       	const thirtyMinutes = 30 * 60; // 30 minutes in seconds

     

       168
       168
       +
       	const voteThreshold = Math.ceil(totalUsers * 0.4);

     

       169
       169
       +
       

     

       170
       170
       +
       	if (timeSinceUpload >= thirtyMinutes) {

     

       171
       171
       +
       		console.log(

     

       172
       172
       +
       			`[Voting] Auto-submitting ${topRecording.id} - 30 minutes elapsed`,

     

       173
       173
       +
       		);

     

       174
       174
       +
       		return topRecording.id;

     

       175
       175
       +
       	}

     

       176
       176
       +
       

     

       177
       177
       +
       	if (topRecording.vote_count >= voteThreshold) {

     

       178
       178
       +
       		console.log(

     

       179
       179
       +
       			`[Voting] Auto-submitting ${topRecording.id} - reached ${topRecording.vote_count}/${voteThreshold} votes (40% threshold)`,

     

       180
       180
       +
       		);

     

       181
       181
       +
       		return topRecording.id;

     

       182
       182
       +
       	}

     

       183
       183
       +
       

     

       184
       184
       +
       	return null;

     

       185
       185
       +
       }

     

       186
       186
       +
       

     

       187
       187
       +
       /**

     

       188
       188
       +
        * Mark a recording as auto-submitted and start transcription

     

       189
       189
       +
        */

     

       190
       190
       +
       export function markAsAutoSubmitted(transcriptionId: string): void {

     

       191
       191
       +
       	db.run(

     

       192
       192
       +
       		"UPDATE transcriptions SET auto_submitted = 1 WHERE id = ?",

     

       193
       193
       +
       		[transcriptionId],

     

       194
       194
       +
       	);

     

       195
       195
       +
       }

     

       196
       196
       +
       

     

       197
       197
       +
       /**

     

       198
       198
       +
        * Delete a pending recording (only allowed by uploader or admin)

     

       199
       199
       +
        */

     

       200
       200
       +
       export function deletePendingRecording(

     

       201
       201
       +
       	transcriptionId: string,

     

       202
       202
       +
       	userId: number,

     

       203
       203
       +
       	isAdmin: boolean,

     

       204
       204
       +
       ): boolean {

     

       205
       205
       +
       	// Check ownership if not admin

     

       206
       206
       +
       	if (!isAdmin) {

     

       207
       207
       +
       		const recording = db

     

       208
       208
       +
       			.query<{ user_id: number; status: string }, [string]>(

     

       209
       209
       +
       				"SELECT user_id, status FROM transcriptions WHERE id = ?",

     

       210
       210
       +
       			)

     

       211
       211
       +
       			.get(transcriptionId);

     

       212
       212
       +
       

     

       213
       213
       +
       		if (!recording || recording.user_id !== userId) {

     

       214
       214
       +
       			return false;

     

       215
       215
       +
       		}

     

       216
       216
       +
       

     

       217
       217
       +
       		// Only allow deleting pending recordings

     

       218
       218
       +
       		if (recording.status !== "pending") {

     

       219
       219
       +
       			return false;

     

       220
       220
       +
       		}

     

       221
       221
       +
       	}

     

       222
       222
       +
       

     

       223
       223
       +
       	// Delete the recording (cascades to votes)

     

       224
       224
       +
       	db.run("DELETE FROM transcriptions WHERE id = ?", [transcriptionId]);

     

       225
       225
       +
       

     

       226
       226
       +
       	return true;

     

       227
       227
       +
       }

+10

src/lib/vtt-cleaner.test.ts

···

       55
       55
        
       

     

       56
       56
        
       test("cleanVTT preserves empty VTT", async () => {

     

       57
       57
        
       	const emptyVTT = "WEBVTT\n\n";

     

       58
       58
       +
       

     

       59
       59
       +
       	// Save and remove API key to avoid burning tokens

     

       60
       60
       +
       	const originalKey = process.env.LLM_API_KEY;

     

       61
       61
       +
       	delete process.env.LLM_API_KEY;

     

       62
       62
       +
       

     

       58
       63
        
       	const result = await cleanVTT("test-empty", emptyVTT);

     

       59
       64
        
       

     

       60
       65
        
       	expect(result).toBe(emptyVTT);

     

       66
       66
       +
       

     

       67
       67
       +
       	// Restore original key

     

       68
       68
       +
       	if (originalKey) {

     

       69
       69
       +
       		process.env.LLM_API_KEY = originalKey;

     

       70
       70
       +
       	}

     

       61
       71
        
       });

     

       62
       72
        
       

     

       63
       73
        
       // AI integration test - skip by default to avoid burning credits

+8 -8

src/lib/vtt-cleaner.ts

···

       338
       338
        
       		`[VTTCleaner] Processing ${segments.length} segments for ${transcriptionId}`,

     

       339
       339
        
       	);

     

       340
       340
        
       

     

       341
       341
       -
       	const apiKey = process.env.LLM_API_KEY;

     

       342
       342
       -
       	const apiBaseUrl = process.env.LLM_API_BASE_URL;

     

       343
       343
       -
       	const model = process.env.LLM_MODEL;

     

       344
       344
       -
       

     

       345
       345
       -
       	if (!apiKey || !apiBaseUrl || !model) {

     

       346
       346
       -
       		console.warn(

     

       347
       347
       -
       			"[VTTCleaner] LLM configuration incomplete (need LLM_API_KEY, LLM_API_BASE_URL, LLM_MODEL), returning uncleaned VTT",

     

       348
       348
       -
       		);

     

       341
       341
       +
       	// Check if API key is available, return original if not

     

       342
       342
       +
       	if (!process.env.LLM_API_KEY) {

     

       343
       343
       +
       		console.warn("[VTTCleaner] LLM_API_KEY not set, returning original VTT");

     

       349
       344
        
       		return vttContent;

     

       350
       345
        
       	}

     

       346
       346
       +
       

     

       347
       347
       +
       	// Validated at startup

     

       348
       348
       +
       	const apiKey = process.env.LLM_API_KEY as string;

     

       349
       349
       +
       	const apiBaseUrl = process.env.LLM_API_BASE_URL as string;

     

       350
       350
       +
       	const model = process.env.LLM_MODEL as string;

     

       351
       351
        
       

     

       352
       352
        
       	try {

     

       353
       353
        
       		// Build the input segments

+4 -254

src/pages/admin.html

···

       10
       10
        
         <link rel="icon" type="image/png" sizes="16x16" href="../../public/favicon/favicon-16x16.png">

     

       11
       11
        
         <link rel="manifest" href="../../public/favicon/site.webmanifest">

     

       12
       12
        
         <link rel="stylesheet" href="../styles/main.css">

     

       13
       13
       -
         <style>

     

       14
       14
       -
           main {

     

       15
       15
       -
             max-width: 80rem;

     

       16
       16
       -
             margin: 0 auto;

     

       17
       17
       -
             padding: 2rem;

     

       18
       18
       -
           }

     

       19
       19
       -
       

     

       20
       20
       -
           h1 {

     

       21
       21
       -
             margin-bottom: 2rem;

     

       22
       22
       -
             color: var(--text);

     

       23
       23
       -
           }

     

       24
       24
       -
       

     

       25
       25
       -
           .section {

     

       26
       26
       -
             margin-bottom: 3rem;

     

       27
       27
       -
           }

     

       28
       28
       -
       

     

       29
       29
       -
           .section-title {

     

       30
       30
       -
             font-size: 1.5rem;

     

       31
       31
       -
             font-weight: 600;

     

       32
       32
       -
             color: var(--text);

     

       33
       33
       -
             margin-bottom: 1rem;

     

       34
       34
       -
             display: flex;

     

       35
       35
       -
             align-items: center;

     

       36
       36
       -
             gap: 0.5rem;

     

       37
       37
       -
           }

     

       38
       38
       -
       

     

       39
       39
       -
           .tabs {

     

       40
       40
       -
             display: flex;

     

       41
       41
       -
             gap: 1rem;

     

       42
       42
       -
             border-bottom: 2px solid var(--secondary);

     

       43
       43
       -
             margin-bottom: 2rem;

     

       44
       44
       -
           }

     

       45
       45
       -
       

     

       46
       46
       -
           .tab {

     

       47
       47
       -
             padding: 0.75rem 1.5rem;

     

       48
       48
       -
             border: none;

     

       49
       49
       -
             background: transparent;

     

       50
       50
       -
             color: var(--text);

     

       51
       51
       -
             cursor: pointer;

     

       52
       52
       -
             font-size: 1rem;

     

       53
       53
       -
             font-weight: 500;

     

       54
       54
       -
             font-family: inherit;

     

       55
       55
       -
             border-bottom: 2px solid transparent;

     

       56
       56
       -
             margin-bottom: -2px;

     

       57
       57
       -
             transition: all 0.2s;

     

       58
       58
       -
           }

     

       59
       59
       -
       

     

       60
       60
       -
           .tab:hover {

     

       61
       61
       -
             color: var(--primary);

     

       62
       62
       -
           }

     

       63
       63
       -
       

     

       64
       64
       -
           .tab.active {

     

       65
       65
       -
             color: var(--primary);

     

       66
       66
       -
             border-bottom-color: var(--primary);

     

       67
       67
       -
           }

     

       68
       68
       -
       

     

       69
       69
       -
           .tab-content {

     

       70
       70
       -
             display: none;

     

       71
       71
       -
           }

     

       72
       72
       -
       

     

       73
       73
       -
           .tab-content.active {

     

       74
       74
       -
             display: block;

     

       75
       75
       -
           }

     

       76
       76
       -
       

     

       77
       77
       -
           .empty-state {

     

       78
       78
       -
             text-align: center;

     

       79
       79
       -
             padding: 3rem;

     

       80
       80
       -
             color: var(--text);

     

       81
       81
       -
             opacity: 0.6;

     

       82
       82
       -
           }

     

       83
       83
       -
       

     

       84
       84
       -
           .loading {

     

       85
       85
       -
             text-align: center;

     

       86
       86
       -
             padding: 3rem;

     

       87
       87
       -
             color: var(--text);

     

       88
       88
       -
           }

     

       89
       89
       -
       

     

       90
       90
       -
           .error {

     

       91
       91
       -
             background: #fee2e2;

     

       92
       92
       -
             color: #991b1b;

     

       93
       93
       -
             padding: 1rem;

     

       94
       94
       -
             border-radius: 6px;

     

       95
       95
       -
             margin-bottom: 1rem;

     

       96
       96
       -
           }

     

       97
       97
       -
       

     

       98
       98
       -
           .stats {

     

       99
       99
       -
             display: grid;

     

       100
       100
       -
             grid-template-columns: repeat(auto-fit, minmax(15rem, 1fr));

     

       101
       101
       -
             gap: 1rem;

     

       102
       102
       -
             margin-bottom: 2rem;

     

       103
       103
       -
           }

     

       104
       104
       -
       

     

       105
       105
       -
           .stat-card {

     

       106
       106
       -
             background: var(--background);

     

       107
       107
       -
             border: 2px solid var(--secondary);

     

       108
       108
       -
             border-radius: 8px;

     

       109
       109
       -
             padding: 1.5rem;

     

       110
       110
       -
           }

     

       111
       111
       -
       

     

       112
       112
       -
           .stat-value {

     

       113
       113
       -
             font-size: 2rem;

     

       114
       114
       -
             font-weight: 700;

     

       115
       115
       -
             color: var(--primary);

     

       116
       116
       -
             margin-bottom: 0.25rem;

     

       117
       117
       -
           }

     

       118
       118
       -
       

     

       119
       119
       -
           .stat-label {

     

       120
       120
       -
             color: var(--text);

     

       121
       121
       -
             opacity: 0.7;

     

       122
       122
       -
             font-size: 0.875rem;

     

       123
       123
       -
           }

     

       124
       124
       -
       

     

       125
       125
       -
           .timestamp {

     

       126
       126
       -
             color: var(--text);

     

       127
       127
       -
             opacity: 0.6;

     

       128
       128
       -
             font-size: 0.875rem;

     

       129
       129
       -
           }

     

       130
       130
       -
         </style>

     

       13
       13
       +
         <link rel="stylesheet" href="../styles/admin.css">

     

       131
       14
        
       </head>

     

       132
       15
        
       

     

       133
       16
        
       <body>

     
···

       144
       27
        
         <main>

     

       145
       28
        
           <h1>Admin Dashboard</h1>

     

       146
       29
        
       

     

       147
       147
       -
           <div id="error-message" class="error" style="display: none;"></div>

     

       30
       30
       +
           <div id="error-message" class="error hidden"></div>

     

       148
       31
        
       

     

       149
       32
        
           <div id="loading" class="loading">Loading...</div>

     

       150
       33
        
       

     

       151
       151
       -
           <div id="content" style="display: none;">

     

       34
       34
       +
           <div id="content" class="hidden">

     

       152
       35
        
             <div class="stats">

     

       153
       36
        
               <div class="stat-card">

     

       154
       37
        
                 <div class="stat-value" id="total-users">0</div>

     
···

       211
       94
        
         <script type="module" src="../components/admin-classes.ts"></script>

     

       212
       95
        
         <script type="module" src="../components/user-modal.ts"></script>

     

       213
       96
        
         <script type="module" src="../components/transcript-view-modal.ts"></script>

     

       214
       214
       -
         <script type="module">

     

       215
       215
       -
           const transcriptionsComponent = document.getElementById('transcriptions-component');

     

       216
       216
       -
           const usersComponent = document.getElementById('users-component');

     

       217
       217
       -
           const userModal = document.getElementById('user-modal');

     

       218
       218
       -
           const transcriptModal = document.getElementById('transcript-modal');

     

       219
       219
       -
           const errorMessage = document.getElementById('error-message');

     

       220
       220
       -
           const loading = document.getElementById('loading');

     

       221
       221
       -
           const content = document.getElementById('content');

     

       222
       222
       -
       

     

       223
       223
       -
           // Modal functions

     

       224
       224
       -
           function openUserModal(userId) {

     

       225
       225
       -
             userModal.setAttribute('open', '');

     

       226
       226
       -
             userModal.userId = userId;

     

       227
       227
       -
           }

     

       228
       228
       -
       

     

       229
       229
       -
           function closeUserModal() {

     

       230
       230
       -
             userModal.removeAttribute('open');

     

       231
       231
       -
             userModal.userId = null;

     

       232
       232
       -
           }

     

       233
       233
       -
       

     

       234
       234
       -
           function openTranscriptModal(transcriptId) {

     

       235
       235
       -
             transcriptModal.setAttribute('open', '');

     

       236
       236
       -
             transcriptModal.transcriptId = transcriptId;

     

       237
       237
       -
           }

     

       238
       238
       -
       

     

       239
       239
       -
           function closeTranscriptModal() {

     

       240
       240
       -
             transcriptModal.removeAttribute('open');

     

       241
       241
       -
             transcriptModal.transcriptId = null;

     

       242
       242
       -
           }

     

       243
       243
       -
       

     

       244
       244
       -
           // Listen for component events

     

       245
       245
       -
           transcriptionsComponent.addEventListener('open-transcription', (e) => {

     

       246
       246
       -
             openTranscriptModal(e.detail.id);

     

       247
       247
       -
           });

     

       248
       248
       -
       

     

       249
       249
       -
           usersComponent.addEventListener('open-user', (e) => {

     

       250
       250
       -
             openUserModal(e.detail.id);

     

       251
       251
       -
           });

     

       252
       252
       -
       

     

       253
       253
       -
           // Listen for modal close events

     

       254
       254
       -
           userModal.addEventListener('close', closeUserModal);

     

       255
       255
       -
           userModal.addEventListener('user-updated', async () => {

     

       256
       256
       -
             await loadStats();

     

       257
       257
       -
           });

     

       258
       258
       -
           userModal.addEventListener('click', (e) => {

     

       259
       259
       -
             if (e.target === userModal) closeUserModal();

     

       260
       260
       -
           });

     

       261
       261
       -
       

     

       262
       262
       -
           transcriptModal.addEventListener('close', closeTranscriptModal);

     

       263
       263
       -
           transcriptModal.addEventListener('transcript-deleted', async () => {

     

       264
       264
       -
             await loadStats();

     

       265
       265
       -
           });

     

       266
       266
       -
           transcriptModal.addEventListener('click', (e) => {

     

       267
       267
       -
             if (e.target === transcriptModal) closeTranscriptModal();

     

       268
       268
       -
           });

     

       269
       269
       -
       

     

       270
       270
       -
           async function loadStats() {

     

       271
       271
       -
             try {

     

       272
       272
       -
               const [transcriptionsRes, usersRes] = await Promise.all([

     

       273
       273
       -
                 fetch('/api/admin/transcriptions'),

     

       274
       274
       -
                 fetch('/api/admin/users')

     

       275
       275
       -
               ]);

     

       276
       276
       -
       

     

       277
       277
       -
               if (!transcriptionsRes.ok || !usersRes.ok) {

     

       278
       278
       -
                 if (transcriptionsRes.status === 403 || usersRes.status === 403) {

     

       279
       279
       -
                   window.location.href = '/';

     

       280
       280
       -
                   return;

     

       281
       281
       -
                 }

     

       282
       282
       -
                 throw new Error('Failed to load admin data');

     

       283
       283
       -
               }

     

       284
       284
       -
       

     

       285
       285
       -
               const transcriptions = await transcriptionsRes.json();

     

       286
       286
       -
               const users = await usersRes.json();

     

       287
       287
       -
       

     

       288
       288
       -
               document.getElementById('total-users').textContent = users.length;

     

       289
       289
       -
               document.getElementById('total-transcriptions').textContent = transcriptions.length;

     

       290
       290
       -
               

     

       291
       291
       -
               const failed = transcriptions.filter(t => t.status === 'failed');

     

       292
       292
       -
               document.getElementById('failed-transcriptions').textContent = failed.length;

     

       293
       293
       -
       

     

       294
       294
       -
               loading.style.display = 'none';

     

       295
       295
       -
               content.style.display = 'block';

     

       296
       296
       -
             } catch (error) {

     

       297
       297
       -
               errorMessage.textContent = error.message;

     

       298
       298
       -
               errorMessage.style.display = 'block';

     

       299
       299
       -
               loading.style.display = 'none';

     

       300
       300
       -
             }

     

       301
       301
       -
           }

     

       302
       302
       -
       

     

       303
       303
       -
           // Tab switching

     

       304
       304
       -
           function switchTab(tabName) {

     

       305
       305
       -
             document.querySelectorAll('.tab').forEach(t => {

     

       306
       306
       -
               t.classList.remove('active');

     

       307
       307
       -
             });

     

       308
       308
       -
             document.querySelectorAll('.tab-content').forEach(c => {

     

       309
       309
       -
               c.classList.remove('active');

     

       310
       310
       -
             });

     

       311
       311
       -
       

     

       312
       312
       -
             const tabButton = document.querySelector(`[data-tab="${tabName}"]`);

     

       313
       313
       -
             const tabContent = document.getElementById(`${tabName}-tab`);

     

       314
       314
       -
             

     

       315
       315
       -
             if (tabButton && tabContent) {

     

       316
       316
       -
               tabButton.classList.add('active');

     

       317
       317
       -
               tabContent.classList.add('active');

     

       318
       318
       -
               

     

       319
       319
       -
               // Update URL without reloading

     

       320
       320
       -
               const url = new URL(window.location.href);

     

       321
       321
       -
               url.searchParams.set('tab', tabName);

     

       322
       322
       -
               // Remove subtab param when leaving classes tab

     

       323
       323
       -
               if (tabName !== 'classes') {

     

       324
       324
       -
                 url.searchParams.delete('subtab');

     

       325
       325
       -
               }

     

       326
       326
       -
               window.history.pushState({}, '', url);

     

       327
       327
       -
             }

     

       328
       328
       -
           }

     

       329
       329
       -
       

     

       330
       330
       -
           document.querySelectorAll('.tab').forEach(tab => {

     

       331
       331
       -
             tab.addEventListener('click', () => {

     

       332
       332
       -
               switchTab(tab.dataset.tab);

     

       333
       333
       -
             });

     

       334
       334
       -
           });

     

       335
       335
       -
       

     

       336
       336
       -
           // Check for tab query parameter on load

     

       337
       337
       -
           const params = new URLSearchParams(window.location.search);

     

       338
       338
       -
           const initialTab = params.get('tab');

     

       339
       339
       -
           const validTabs = ['pending', 'transcriptions', 'users', 'classes'];

     

       340
       340
       -
           

     

       341
       341
       -
           if (initialTab && validTabs.includes(initialTab)) {

     

       342
       342
       -
             switchTab(initialTab);

     

       343
       343
       -
           }

     

       344
       344
       -
       

     

       345
       345
       -
           // Initialize

     

       346
       346
       -
           loadStats();

     

       347
       347
       -
         </script>

     

       97
       97
       +
         <script type="module" src="./admin.ts"></script>

     

       348
       98
        
       </body>

     

       349
       99
        
       

     

       350
       100
        
       </html>

+151

src/pages/admin.ts

···

       1
       1
       +
       const transcriptionsComponent = document.getElementById(

     

       2
       2
       +
       	"transcriptions-component",

     

       3
       3
       +
       ) as HTMLElement | null;

     

       4
       4
       +
       const usersComponent = document.getElementById(

     

       5
       5
       +
       	"users-component",

     

       6
       6
       +
       ) as HTMLElement | null;

     

       7
       7
       +
       const userModal = document.getElementById("user-modal") as HTMLElement | null;

     

       8
       8
       +
       const transcriptModal = document.getElementById(

     

       9
       9
       +
       	"transcript-modal",

     

       10
       10
       +
       ) as HTMLElement | null;

     

       11
       11
       +
       const errorMessage = document.getElementById("error-message") as HTMLElement;

     

       12
       12
       +
       const loading = document.getElementById("loading") as HTMLElement;

     

       13
       13
       +
       const content = document.getElementById("content") as HTMLElement;

     

       14
       14
       +
       

     

       15
       15
       +
       // Modal functions

     

       16
       16
       +
       function openUserModal(userId: string) {

     

       17
       17
       +
       	userModal.setAttribute("open", "");

     

       18
       18
       +
       	userModal.userId = userId;

     

       19
       19
       +
       }

     

       20
       20
       +
       

     

       21
       21
       +
       function closeUserModal() {

     

       22
       22
       +
       	userModal.removeAttribute("open");

     

       23
       23
       +
       	userModal.userId = null;

     

       24
       24
       +
       }

     

       25
       25
       +
       

     

       26
       26
       +
       function openTranscriptModal(transcriptId: string) {

     

       27
       27
       +
       	transcriptModal.setAttribute("open", "");

     

       28
       28
       +
       	transcriptModal.transcriptId = transcriptId;

     

       29
       29
       +
       }

     

       30
       30
       +
       

     

       31
       31
       +
       function closeTranscriptModal() {

     

       32
       32
       +
       	transcriptModal.removeAttribute("open");

     

       33
       33
       +
       	transcriptModal.transcriptId = null;

     

       34
       34
       +
       }

     

       35
       35
       +
       

     

       36
       36
       +
       // Listen for component events

     

       37
       37
       +
       transcriptionsComponent?.addEventListener(

     

       38
       38
       +
       	"open-transcription",

     

       39
       39
       +
       	(e: CustomEvent) => {

     

       40
       40
       +
       		openTranscriptModal(e.detail.id);

     

       41
       41
       +
       	},

     

       42
       42
       +
       );

     

       43
       43
       +
       

     

       44
       44
       +
       usersComponent?.addEventListener("open-user", (e: CustomEvent) => {

     

       45
       45
       +
       	openUserModal(e.detail.id);

     

       46
       46
       +
       });

     

       47
       47
       +
       

     

       48
       48
       +
       // Listen for modal close events

     

       49
       49
       +
       userModal?.addEventListener("close", closeUserModal);

     

       50
       50
       +
       userModal?.addEventListener("user-updated", async () => {

     

       51
       51
       +
       	await loadStats();

     

       52
       52
       +
       });

     

       53
       53
       +
       userModal?.addEventListener("click", (e: MouseEvent) => {

     

       54
       54
       +
       	if (e.target === userModal) closeUserModal();

     

       55
       55
       +
       });

     

       56
       56
       +
       

     

       57
       57
       +
       transcriptModal?.addEventListener("close", closeTranscriptModal);

     

       58
       58
       +
       transcriptModal?.addEventListener("transcript-deleted", async () => {

     

       59
       59
       +
       	await loadStats();

     

       60
       60
       +
       });

     

       61
       61
       +
       transcriptModal?.addEventListener("click", (e: MouseEvent) => {

     

       62
       62
       +
       	if (e.target === transcriptModal) closeTranscriptModal();

     

       63
       63
       +
       });

     

       64
       64
       +
       

     

       65
       65
       +
       async function loadStats() {

     

       66
       66
       +
       	try {

     

       67
       67
       +
       		const [transcriptionsRes, usersRes] = await Promise.all([

     

       68
       68
       +
       			fetch("/api/admin/transcriptions"),

     

       69
       69
       +
       			fetch("/api/admin/users"),

     

       70
       70
       +
       		]);

     

       71
       71
       +
       

     

       72
       72
       +
       		if (!transcriptionsRes.ok || !usersRes.ok) {

     

       73
       73
       +
       			if (transcriptionsRes.status === 403 || usersRes.status === 403) {

     

       74
       74
       +
       				window.location.href = "/";

     

       75
       75
       +
       				return;

     

       76
       76
       +
       			}

     

       77
       77
       +
       			throw new Error("Failed to load admin data");

     

       78
       78
       +
       		}

     

       79
       79
       +
       

     

       80
       80
       +
       		const transcriptions = await transcriptionsRes.json();

     

       81
       81
       +
       		const users = await usersRes.json();

     

       82
       82
       +
       

     

       83
       83
       +
       		const totalUsers = document.getElementById("total-users");

     

       84
       84
       +
       		const totalTranscriptions = document.getElementById("total-transcriptions");

     

       85
       85
       +
       		const failedTranscriptions = document.getElementById(

     

       86
       86
       +
       			"failed-transcriptions",

     

       87
       87
       +
       		);

     

       88
       88
       +
       

     

       89
       89
       +
       		if (totalUsers) totalUsers.textContent = users.length.toString();

     

       90
       90
       +
       		if (totalTranscriptions)

     

       91
       91
       +
       			totalTranscriptions.textContent = transcriptions.length.toString();

     

       92
       92
       +
       

     

       93
       93
       +
       		const failed = transcriptions.filter(

     

       94
       94
       +
       			(t: { status: string }) => t.status === "failed",

     

       95
       95
       +
       		);

     

       96
       96
       +
       		if (failedTranscriptions)

     

       97
       97
       +
       			failedTranscriptions.textContent = failed.length.toString();

     

       98
       98
       +
       

     

       99
       99
       +
       		loading.classList.add("hidden");

     

       100
       100
       +
       		content.classList.remove("hidden");

     

       101
       101
       +
       	} catch (error) {

     

       102
       102
       +
       		errorMessage.textContent = (error as Error).message;

     

       103
       103
       +
       		errorMessage.classList.remove("hidden");

     

       104
       104
       +
       		loading.classList.add("hidden");

     

       105
       105
       +
       	}

     

       106
       106
       +
       }

     

       107
       107
       +
       

     

       108
       108
       +
       // Tab switching

     

       109
       109
       +
       function switchTab(tabName: string) {

     

       110
       110
       +
       	document.querySelectorAll(".tab").forEach((t) => {

     

       111
       111
       +
       		t.classList.remove("active");

     

       112
       112
       +
       	});

     

       113
       113
       +
       	document.querySelectorAll(".tab-content").forEach((c) => {

     

       114
       114
       +
       		c.classList.remove("active");

     

       115
       115
       +
       	});

     

       116
       116
       +
       

     

       117
       117
       +
       	const tabButton = document.querySelector(`[data-tab="${tabName}"]`);

     

       118
       118
       +
       	const tabContent = document.getElementById(`${tabName}-tab`);

     

       119
       119
       +
       

     

       120
       120
       +
       	if (tabButton && tabContent) {

     

       121
       121
       +
       		tabButton.classList.add("active");

     

       122
       122
       +
       		tabContent.classList.add("active");

     

       123
       123
       +
       

     

       124
       124
       +
       		// Update URL without reloading

     

       125
       125
       +
       		const url = new URL(window.location.href);

     

       126
       126
       +
       		url.searchParams.set("tab", tabName);

     

       127
       127
       +
       		// Remove subtab param when leaving classes tab

     

       128
       128
       +
       		if (tabName !== "classes") {

     

       129
       129
       +
       			url.searchParams.delete("subtab");

     

       130
       130
       +
       		}

     

       131
       131
       +
       		window.history.pushState({}, "", url);

     

       132
       132
       +
       	}

     

       133
       133
       +
       }

     

       134
       134
       +
       

     

       135
       135
       +
       document.querySelectorAll(".tab").forEach((tab) => {

     

       136
       136
       +
       	tab.addEventListener("click", () => {

     

       137
       137
       +
       		switchTab((tab as HTMLElement).dataset.tab || "");

     

       138
       138
       +
       	});

     

       139
       139
       +
       });

     

       140
       140
       +
       

     

       141
       141
       +
       // Check for tab query parameter on load

     

       142
       142
       +
       const params = new URLSearchParams(window.location.search);

     

       143
       143
       +
       const initialTab = params.get("tab");

     

       144
       144
       +
       const validTabs = ["pending", "transcriptions", "users", "classes"];

     

       145
       145
       +
       

     

       146
       146
       +
       if (initialTab && validTabs.includes(initialTab)) {

     

       147
       147
       +
       	switchTab(initialTab);

     

       148
       148
       +
       }

     

       149
       149
       +
       

     

       150
       150
       +
       // Initialize

     

       151
       151
       +
       loadStats();

+2 -85

src/pages/index.html

···

       10
       10
        
         <link rel="icon" type="image/png" sizes="16x16" href="../../public/favicon/favicon-16x16.png">

     

       11
       11
        
         <link rel="manifest" href="../../public/favicon/site.webmanifest">

     

       12
       12
        
         <link rel="stylesheet" href="../styles/main.css">

     

       13
       13
       -
         <style>

     

       14
       14
       -
           .hero-title {

     

       15
       15
       -
             font-size: 3rem;

     

       16
       16
       -
             font-weight: 700;

     

       17
       17
       -
             color: var(--text);

     

       18
       18
       -
             margin-bottom: 1rem;

     

       19
       19
       -
           }

     

       20
       20
       -
       

     

       21
       21
       -
           .hero-subtitle {

     

       22
       22
       -
             font-size: 1.25rem;

     

       23
       23
       -
             color: var(--text);

     

       24
       24
       -
             opacity: 0.8;

     

       25
       25
       -
             margin-bottom: 2rem;

     

       26
       26
       -
           }

     

       27
       27
       -
       

     

       28
       28
       -
           main {

     

       29
       29
       -
             text-align: center;

     

       30
       30
       -
             padding: 4rem 2rem;

     

       31
       31
       -
           }

     

       32
       32
       -
       

     

       33
       33
       -
           .cta-buttons {

     

       34
       34
       -
             display: flex;

     

       35
       35
       -
             gap: 1rem;

     

       36
       36
       -
             justify-content: center;

     

       37
       37
       -
             margin-top: 2rem;

     

       38
       38
       -
           }

     

       39
       39
       -
       

     

       40
       40
       -
           .btn {

     

       41
       41
       -
             padding: 0.75rem 1.5rem;

     

       42
       42
       -
             border-radius: 6px;

     

       43
       43
       -
             font-size: 1rem;

     

       44
       44
       -
             font-weight: 500;

     

       45
       45
       -
             cursor: pointer;

     

       46
       46
       -
             transition: all 0.2s;

     

       47
       47
       -
             font-family: inherit;

     

       48
       48
       -
             border: 2px solid;

     

       49
       49
       -
             text-decoration: none;

     

       50
       50
       -
             display: inline-block;

     

       51
       51
       -
           }

     

       52
       52
       -
       

     

       53
       53
       -
           .btn-primary {

     

       54
       54
       -
             background: var(--primary);

     

       55
       55
       -
             color: white;

     

       56
       56
       -
             border-color: var(--primary);

     

       57
       57
       -
           }

     

       58
       58
       -
       

     

       59
       59
       -
           .btn-primary:hover {

     

       60
       60
       -
             background: transparent;

     

       61
       61
       -
             color: var(--primary);

     

       62
       62
       -
           }

     

       63
       63
       -
       

     

       64
       64
       -
           .btn-secondary {

     

       65
       65
       -
             background: transparent;

     

       66
       66
       -
             color: var(--text);

     

       67
       67
       -
             border-color: var(--secondary);

     

       68
       68
       -
           }

     

       69
       69
       -
       

     

       70
       70
       -
           .btn-secondary:hover {

     

       71
       71
       -
             border-color: var(--primary);

     

       72
       72
       -
             color: var(--primary);

     

       73
       73
       -
           }

     

       74
       74
       -
       

     

       75
       75
       -
           @media (max-width: 640px) {

     

       76
       76
       -
             .hero-title {

     

       77
       77
       -
               font-size: 2.5rem;

     

       78
       78
       -
             }

     

       79
       79
       -
       

     

       80
       80
       -
             .cta-buttons {

     

       81
       81
       -
               flex-direction: column;

     

       82
       82
       -
               align-items: center;

     

       83
       83
       -
             }

     

       84
       84
       -
           }

     

       85
       85
       -
         </style>

     

       13
       13
       +
         <link rel="stylesheet" href="../styles/index.css">

     

       86
       14
        
       </head>

     

       87
       15
        
       

     

       88
       16
        
       <body>

     
···

       106
       34
        
         </main>

     

       107
       35
        
       

     

       108
       36
        
         <script type="module" src="../components/auth.ts"></script>

     

       109
       109
       -
         <script type="module">

     

       110
       110
       -
           document.getElementById('start-btn').addEventListener('click', async () => {

     

       111
       111
       -
             const authComponent = document.querySelector('auth-component');

     

       112
       112
       -
             const isLoggedIn = await authComponent.isAuthenticated();

     

       113
       113
       -
       

     

       114
       114
       -
             if (isLoggedIn) {

     

       115
       115
       -
               window.location.href = '/classes';

     

       116
       116
       -
             } else {

     

       117
       117
       -
               authComponent.openAuthModal();

     

       118
       118
       -
             }

     

       119
       119
       -
           });

     

       120
       120
       -
         </script>

     

       37
       37
       +
         <script type="module" src="./index.ts"></script>

     

       121
       38
        
       </body>

     

       122
       39
        
       

     

       123
       40
        
       </html>

+14

src/pages/index.ts

···

       1
       1
       +
       document.getElementById("start-btn")?.addEventListener("click", async () => {

     

       2
       2
       +
       	const authComponent = document.querySelector("auth-component");

     

       3
       3
       +
       	if (!authComponent) return;

     

       4
       4
       +
       

     

       5
       5
       +
       	const isLoggedIn = await (

     

       6
       6
       +
       		authComponent as { isAuthenticated: () => Promise<boolean> }

     

       7
       7
       +
       	).isAuthenticated();

     

       8
       8
       +
       

     

       9
       9
       +
       	if (isLoggedIn) {

     

       10
       10
       +
       		window.location.href = "/classes";

     

       11
       11
       +
       	} else {

     

       12
       12
       +
       		(authComponent as { openAuthModal: () => void }).openAuthModal();

     

       13
       13
       +
       	}

     

       14
       14
       +
       });

+2 -20

src/pages/reset-password.html

···

       10
       10
        
         <link rel="icon" type="image/png" sizes="16x16" href="../../public/favicon/favicon-16x16.png">

     

       11
       11
        
         <link rel="manifest" href="../../public/favicon/site.webmanifest">

     

       12
       12
        
         <link rel="stylesheet" href="../styles/main.css">

     

       13
       13
       -
         <style>

     

       14
       14
       -
           main {

     

       15
       15
       -
             display: flex;

     

       16
       16
       -
             align-items: center;

     

       17
       17
       -
             justify-content: center;

     

       18
       18
       -
             padding: 4rem 1rem;

     

       19
       19
       -
           }

     

       20
       20
       -
         </style>

     

       13
       13
       +
         <link rel="stylesheet" href="../styles/reset-password.css">

     

       21
       14
        
       </head>

     

       22
       15
        
       

     

       23
       16
        
       <body>

     
···

       37
       30
        
       

     

       38
       31
        
         <script type="module" src="../components/auth.ts"></script>

     

       39
       32
        
         <script type="module" src="../components/reset-password-form.ts"></script>

     

       40
       40
       -
         <script type="module">

     

       41
       41
       -
           // Wait for component to be defined before setting token

     

       42
       42
       -
           await customElements.whenDefined('reset-password-form');

     

       43
       43
       -
           

     

       44
       44
       -
           // Get token from URL and pass to component

     

       45
       45
       -
           const urlParams = new URLSearchParams(window.location.search);

     

       46
       46
       -
           const token = urlParams.get('token');

     

       47
       47
       -
           const resetForm = document.getElementById('reset-form');

     

       48
       48
       -
           if (resetForm) {

     

       49
       49
       -
             resetForm.token = token;

     

       50
       50
       -
           }

     

       51
       51
       -
         </script>

     

       33
       33
       +
         <script type="module" src="./reset-password.ts"></script>

     

       52
       34
        
       </body>

     

       53
       35
        
       

     

       54
       36
        
       </html>

+10

src/pages/reset-password.ts

···

       1
       1
       +
       // Wait for component to be defined before setting token

     

       2
       2
       +
       await customElements.whenDefined("reset-password-form");

     

       3
       3
       +
       

     

       4
       4
       +
       // Get token from URL and pass to component

     

       5
       5
       +
       const urlParams = new URLSearchParams(window.location.search);

     

       6
       6
       +
       const token = urlParams.get("token");

     

       7
       7
       +
       const resetForm = document.getElementById("reset-form");

     

       8
       8
       +
       if (resetForm) {

     

       9
       9
       +
       	(resetForm as { token: string | null }).token = token;

     

       10
       10
       +
       }

+1 -6

src/pages/settings.html

···

       10
       10
        
       	<link rel="icon" type="image/png" sizes="16x16" href="../../public/favicon/favicon-16x16.png">

     

       11
       11
        
       	<link rel="manifest" href="../../public/favicon/site.webmanifest">

     

       12
       12
        
       	<link rel="stylesheet" href="../styles/main.css">

     

       13
       13
       -
       

     

       14
       14
       -
       	<style>

     

       15
       15
       -
       		main {

     

       16
       16
       -
       			max-width: 64rem;

     

       17
       17
       -
       		}

     

       18
       18
       -
       	</style>

     

       13
       13
       +
       	<link rel="stylesheet" href="../styles/settings.css">

     

       19
       14
        
       </head>

     

       20
       15
        
       

     

       21
       16
        
       <body>

+3 -21

src/pages/transcribe.html

···

       10
       10
        
         <link rel="icon" type="image/png" sizes="16x16" href="../../public/favicon/favicon-16x16.png">

     

       11
       11
        
         <link rel="manifest" href="../../public/favicon/site.webmanifest">

     

       12
       12
        
         <link rel="stylesheet" href="../styles/main.css">

     

       13
       13
       -
         <style>

     

       14
       14
       -
           .page-header {

     

       15
       15
       -
             text-align: center;

     

       16
       16
       -
             margin-bottom: 3rem;

     

       17
       17
       -
           }

     

       18
       18
       -
       

     

       19
       19
       -
           .page-title {

     

       20
       20
       -
             font-size: 2.5rem;

     

       21
       21
       -
             font-weight: 700;

     

       22
       22
       -
             color: var(--text);

     

       23
       23
       -
             margin-bottom: 0.5rem;

     

       24
       24
       -
           }

     

       25
       25
       -
       

     

       26
       26
       -
           .page-subtitle {

     

       27
       27
       -
             font-size: 1.125rem;

     

       28
       28
       -
             color: var(--text);

     

       29
       29
       -
             opacity: 0.8;

     

       30
       30
       -
           }

     

       31
       31
       -
         </style>

     

       13
       13
       +
         <link rel="stylesheet" href="../styles/transcribe.css">

     

       32
       14
        
       </head>

     

       33
       15
        
       

     

       34
       16
        
       <body>

     
···

       43
       25
        
         </header>

     

       44
       26
        
       

     

       45
       27
        
         <main>

     

       46
       46
       -
           <div style="margin-bottom: 1rem;">

     

       47
       47
       -
             <a href="/classes" style="color: var(--paynes-gray); text-decoration: none; font-size: 0.875rem;">

     

       28
       28
       +
           <div class="mb-1">

     

       29
       29
       +
             <a href="/classes" class="back-link">

     

       48
       30
        
               ← Back to classes

     

       49
       31
        
             </a>

     

       50
       32
        
           </div>

+120

src/styles/admin.css

···

       1
       1
       +
       main {

     

       2
       2
       +
       	max-width: 80rem;

     

       3
       3
       +
       	margin: 0 auto;

     

       4
       4
       +
       	padding: 2rem;

     

       5
       5
       +
       }

     

       6
       6
       +
       

     

       7
       7
       +
       h1 {

     

       8
       8
       +
       	margin-bottom: 2rem;

     

       9
       9
       +
       	color: var(--text);

     

       10
       10
       +
       }

     

       11
       11
       +
       

     

       12
       12
       +
       .section {

     

       13
       13
       +
       	margin-bottom: 3rem;

     

       14
       14
       +
       }

     

       15
       15
       +
       

     

       16
       16
       +
       .section-title {

     

       17
       17
       +
       	font-size: 1.5rem;

     

       18
       18
       +
       	font-weight: 600;

     

       19
       19
       +
       	color: var(--text);

     

       20
       20
       +
       	margin-bottom: 1rem;

     

       21
       21
       +
       	display: flex;

     

       22
       22
       +
       	align-items: center;

     

       23
       23
       +
       	gap: 0.5rem;

     

       24
       24
       +
       }

     

       25
       25
       +
       

     

       26
       26
       +
       .tabs {

     

       27
       27
       +
       	display: flex;

     

       28
       28
       +
       	gap: 1rem;

     

       29
       29
       +
       	border-bottom: 2px solid var(--secondary);

     

       30
       30
       +
       	margin-bottom: 2rem;

     

       31
       31
       +
       }

     

       32
       32
       +
       

     

       33
       33
       +
       .tab {

     

       34
       34
       +
       	padding: 0.75rem 1.5rem;

     

       35
       35
       +
       	border: none;

     

       36
       36
       +
       	background: transparent;

     

       37
       37
       +
       	color: var(--text);

     

       38
       38
       +
       	cursor: pointer;

     

       39
       39
       +
       	font-size: 1rem;

     

       40
       40
       +
       	font-weight: 500;

     

       41
       41
       +
       	font-family: inherit;

     

       42
       42
       +
       	border-bottom: 2px solid transparent;

     

       43
       43
       +
       	margin-bottom: -2px;

     

       44
       44
       +
       	transition: all 0.2s;

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       47
       47
       +
       .tab:hover {

     

       48
       48
       +
       	color: var(--primary);

     

       49
       49
       +
       }

     

       50
       50
       +
       

     

       51
       51
       +
       .tab.active {

     

       52
       52
       +
       	color: var(--primary);

     

       53
       53
       +
       	border-bottom-color: var(--primary);

     

       54
       54
       +
       }

     

       55
       55
       +
       

     

       56
       56
       +
       .tab-content {

     

       57
       57
       +
       	display: none;

     

       58
       58
       +
       }

     

       59
       59
       +
       

     

       60
       60
       +
       .tab-content.active {

     

       61
       61
       +
       	display: block;

     

       62
       62
       +
       }

     

       63
       63
       +
       

     

       64
       64
       +
       .empty-state {

     

       65
       65
       +
       	text-align: center;

     

       66
       66
       +
       	padding: 3rem;

     

       67
       67
       +
       	color: var(--text);

     

       68
       68
       +
       	opacity: 0.6;

     

       69
       69
       +
       }

     

       70
       70
       +
       

     

       71
       71
       +
       .loading {

     

       72
       72
       +
       	text-align: center;

     

       73
       73
       +
       	padding: 3rem;

     

       74
       74
       +
       	color: var(--text);

     

       75
       75
       +
       }

     

       76
       76
       +
       

     

       77
       77
       +
       .error {

     

       78
       78
       +
       	background: #fee2e2;

     

       79
       79
       +
       	color: #991b1b;

     

       80
       80
       +
       	padding: 1rem;

     

       81
       81
       +
       	border-radius: 6px;

     

       82
       82
       +
       	margin-bottom: 1rem;

     

       83
       83
       +
       }

     

       84
       84
       +
       

     

       85
       85
       +
       .stats {

     

       86
       86
       +
       	display: grid;

     

       87
       87
       +
       	grid-template-columns: repeat(auto-fit, minmax(15rem, 1fr));

     

       88
       88
       +
       	gap: 1rem;

     

       89
       89
       +
       	margin-bottom: 2rem;

     

       90
       90
       +
       }

     

       91
       91
       +
       

     

       92
       92
       +
       .stat-card {

     

       93
       93
       +
       	background: var(--background);

     

       94
       94
       +
       	border: 2px solid var(--secondary);

     

       95
       95
       +
       	border-radius: 8px;

     

       96
       96
       +
       	padding: 1.5rem;

     

       97
       97
       +
       }

     

       98
       98
       +
       

     

       99
       99
       +
       .stat-value {

     

       100
       100
       +
       	font-size: 2rem;

     

       101
       101
       +
       	font-weight: 700;

     

       102
       102
       +
       	color: var(--primary);

     

       103
       103
       +
       	margin-bottom: 0.25rem;

     

       104
       104
       +
       }

     

       105
       105
       +
       

     

       106
       106
       +
       .stat-label {

     

       107
       107
       +
       	color: var(--text);

     

       108
       108
       +
       	opacity: 0.7;

     

       109
       109
       +
       	font-size: 0.875rem;

     

       110
       110
       +
       }

     

       111
       111
       +
       

     

       112
       112
       +
       .timestamp {

     

       113
       113
       +
       	color: var(--text);

     

       114
       114
       +
       	opacity: 0.6;

     

       115
       115
       +
       	font-size: 0.875rem;

     

       116
       116
       +
       }

     

       117
       117
       +
       

     

       118
       118
       +
       .hidden {

     

       119
       119
       +
       	display: none;

     

       120
       120
       +
       }

+71

src/styles/index.css

···

       1
       1
       +
       .hero-title {

     

       2
       2
       +
       	font-size: 3rem;

     

       3
       3
       +
       	font-weight: 700;

     

       4
       4
       +
       	color: var(--text);

     

       5
       5
       +
       	margin-bottom: 1rem;

     

       6
       6
       +
       }

     

       7
       7
       +
       

     

       8
       8
       +
       .hero-subtitle {

     

       9
       9
       +
       	font-size: 1.25rem;

     

       10
       10
       +
       	color: var(--text);

     

       11
       11
       +
       	opacity: 0.8;

     

       12
       12
       +
       	margin-bottom: 2rem;

     

       13
       13
       +
       }

     

       14
       14
       +
       

     

       15
       15
       +
       main {

     

       16
       16
       +
       	text-align: center;

     

       17
       17
       +
       	padding: 4rem 2rem;

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       .cta-buttons {

     

       21
       21
       +
       	display: flex;

     

       22
       22
       +
       	gap: 1rem;

     

       23
       23
       +
       	justify-content: center;

     

       24
       24
       +
       	margin-top: 2rem;

     

       25
       25
       +
       }

     

       26
       26
       +
       

     

       27
       27
       +
       .btn {

     

       28
       28
       +
       	padding: 0.75rem 1.5rem;

     

       29
       29
       +
       	border-radius: 6px;

     

       30
       30
       +
       	font-size: 1rem;

     

       31
       31
       +
       	font-weight: 500;

     

       32
       32
       +
       	cursor: pointer;

     

       33
       33
       +
       	transition: all 0.2s;

     

       34
       34
       +
       	font-family: inherit;

     

       35
       35
       +
       	border: 2px solid;

     

       36
       36
       +
       	text-decoration: none;

     

       37
       37
       +
       	display: inline-block;

     

       38
       38
       +
       }

     

       39
       39
       +
       

     

       40
       40
       +
       .btn-primary {

     

       41
       41
       +
       	background: var(--primary);

     

       42
       42
       +
       	color: white;

     

       43
       43
       +
       	border-color: var(--primary);

     

       44
       44
       +
       }

     

       45
       45
       +
       

     

       46
       46
       +
       .btn-primary:hover {

     

       47
       47
       +
       	background: transparent;

     

       48
       48
       +
       	color: var(--primary);

     

       49
       49
       +
       }

     

       50
       50
       +
       

     

       51
       51
       +
       .btn-secondary {

     

       52
       52
       +
       	background: transparent;

     

       53
       53
       +
       	color: var(--text);

     

       54
       54
       +
       	border-color: var(--secondary);

     

       55
       55
       +
       }

     

       56
       56
       +
       

     

       57
       57
       +
       .btn-secondary:hover {

     

       58
       58
       +
       	border-color: var(--primary);

     

       59
       59
       +
       	color: var(--primary);

     

       60
       60
       +
       }

     

       61
       61
       +
       

     

       62
       62
       +
       @media (max-width: 640px) {

     

       63
       63
       +
       	.hero-title {

     

       64
       64
       +
       		font-size: 2.5rem;

     

       65
       65
       +
       	}

     

       66
       66
       +
       

     

       67
       67
       +
       	.cta-buttons {

     

       68
       68
       +
       		flex-direction: column;

     

       69
       69
       +
       		align-items: center;

     

       70
       70
       +
       	}

     

       71
       71
       +
       }

src/styles/reset-password.css

···

       1
       1
       +
       main {

     

       2
       2
       +
       	display: flex;

     

       3
       3
       +
       	align-items: center;

     

       4
       4
       +
       	justify-content: center;

     

       5
       5
       +
       	padding: 4rem 1rem;

     

       6
       6
       +
       }

src/styles/settings.css

···

       1
       1
       +
       main {

     

       2
       2
       +
       	max-width: 64rem;

     

       3
       3
       +
       }

+27

src/styles/transcribe.css

···

       1
       1
       +
       .page-header {

     

       2
       2
       +
       	text-align: center;

     

       3
       3
       +
       	margin-bottom: 3rem;

     

       4
       4
       +
       }

     

       5
       5
       +
       

     

       6
       6
       +
       .page-title {

     

       7
       7
       +
       	font-size: 2.5rem;

     

       8
       8
       +
       	font-weight: 700;

     

       9
       9
       +
       	color: var(--text);

     

       10
       10
       +
       	margin-bottom: 0.5rem;

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       .page-subtitle {

     

       14
       14
       +
       	font-size: 1.125rem;

     

       15
       15
       +
       	color: var(--text);

     

       16
       16
       +
       	opacity: 0.8;

     

       17
       17
       +
       }

     

       18
       18
       +
       

     

       19
       19
       +
       .back-link {

     

       20
       20
       +
       	color: var(--paynes-gray);

     

       21
       21
       +
       	text-decoration: none;

     

       22
       22
       +
       	font-size: 0.875rem;

     

       23
       23
       +
       }

     

       24
       24
       +
       

     

       25
       25
       +
       .mb-1 {

     

       26
       26
       +
       	margin-bottom: 1rem;

     

       27
       27
       +
       }

Compare changes