fix api security issues and update pages issue

This commit is contained in:
root
2026-06-04 16:41:25 -04:00
parent ad7b13f4d8
commit 1b0d9a36ad
14 changed files with 840 additions and 361 deletions
+20 -8
View File
@@ -1,8 +1,9 @@
import { useState } from 'react'
import { useLocation, useNavigate } from 'react-router-dom'
import { fetchDashboardRoute } from '../api/session'
import { fetchDashboardRoute, postRoleSwitch } from '../api/session'
import { useAuth } from '../auth/AuthProvider'
import { spaPathFromCiUrl } from '../lib/ciSpaPaths'
import { isParentPortalRole, isTeacherPortalRole } from '../lib/portalRoles'
/** Shared navigation after JWT login when the account has multiple roles (CI `welcome_back` / `select_role`). */
export function useContinueWithRole() {
@@ -19,19 +20,30 @@ export function useContinueWithRole() {
setBusyRole(nextRole)
setError(null)
try {
setSelectedRole(nextRole)
const roleLower = nextRole.toLowerCase()
const fromApp = from.startsWith('/app') ? from : ''
const hasDeepLink = Boolean(fromApp && fromApp !== '/app/home')
let target: string
let target: string | null = null
try {
const switched = await postRoleSwitch(nextRole)
const route = switched.data?.dashboard_route
const mapped = route ? spaPathFromCiUrl(route) : null
if (mapped) {
target = mapped
}
} catch {
/* fall back to client-side role defaults */
}
setSelectedRole(nextRole)
if (hasDeepLink) {
target = fromApp
} else if (roleLower === 'parent') {
} else if (isParentPortalRole(nextRole)) {
target = '/app/parent/home'
} else if (roleLower === 'teacher' || roleLower === 'teacher_assistant') {
} else if (isTeacherPortalRole(nextRole)) {
target = '/app/teacher_dashboard'
} else {
} else if (!target) {
target = '/app/home'
try {
const dash = await fetchDashboardRoute()
@@ -43,7 +55,7 @@ export function useContinueWithRole() {
}
}
navigate(target, { replace: true })
navigate(target ?? '/app/home', { replace: true })
} catch (e) {
setError(e instanceof Error ? e.message : 'Unable to continue.')
} finally {