maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: WebSocket real-time + rAF render gate + guest board + screen picker

Browse Source 
Classroom performance:
- WebSocket server (ws-server.js) for low-latency cursor & stroke preview
  Replaces HTTP POST per event → eliminates per-message auth overhead
  Session member cache (30s TTL) avoids SQLite query per WS message
  Fallback to HTTP POST when WS not connected
- Cursor throttle reduced 100ms → 33ms (~30fps)
- Stroke preview throttle reduced 50ms → 20ms
- whiteboard.js: render() is now rAF-gated (_doRender/_rafPending)
  Multiple render() calls within one frame collapse into one repaint
  document.hidden check — zero CPU when tab is in background
  visibilitychange listener restores canvas on tab focus

Guest board:
- guestClassroom.js route: public token-based read-only access
- guest-board.html: name entry + read-only whiteboard + SSE
- SSE: addGuestClient/removeGuestClient/emitToGuests

Screen share picker:
- Discord-style modal with tab switching (screen/window/tab)
- Live video preview before confirming share
- useExistingScreenStream() in ClassroomRTC

Fullscreen exit overlay:
- #cr-fs-exit-overlay button inside cr-board-wrap
- Visible only via CSS :fullscreen selector (touchpad users)

File sharing from library:
- Teacher picks file from library, sends as styled card in chat
- crDownloadLibraryFile() fetches with Bearer auth

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Maxim Dolgolyov
2026-04-13 18:04:59 +03:00
parent 074ee5687b
commit fd29acbbdd
70 changed files with 12231 additions and 498 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/controllers/adminController.js
+1 -1
View File
@@ -324,7 +324,7 @@ function getFeatures(_req, res) {
/* ── PATCH /api/admin/features ──────────────────────────────────────── */
function updateFeatures(req, res) {
const allowed = ['crossword', 'hangman', 'pet', 'red_book', 'collection',
'flashcards', 'knowledge_map', 'board', 'biochem', 'live_quiz'];
'flashcards', 'knowledge_map', 'board', 'biochem', 'live_quiz', 'classroom'];
const updates = req.body;
const stmt = db.prepare("INSERT OR REPLACE INTO app_settings (key, value) VALUES (?, ?)");
const changed = [];
backend/src/controllers/classroomController.js
+568 -3
View File
@@ -1,7 +1,8 @@
const db = require('../db/db');
const path = require('path');
const fs = require('fs');
const { emit, emitToClass, getOnlineUserIds } = require('../sse');
const crypto = require('crypto');
const { emit, emitToClass, getOnlineUserIds, emitToGuests } = require('../sse');
/* ── chat attachment uploads dir ─────────────────────────────────────── */
const CHAT_UPLOADS_DIR = path.join(__dirname, '../../uploads/chat');
@@ -15,6 +16,14 @@ function canDraw(sessionId, userId, session) {
).get(sessionId, userId);
}
/* Events forwarded to read-only guest viewers (whiteboard + lifecycle only) */
const GUEST_EVENTS = new Set([
'classroom_strokes', 'classroom_stroke_preview', 'classroom_stroke_deleted',
'classroom_stroke_updated', 'classroom_page_added', 'classroom_page_changed',
'classroom_template_changed', 'classroom_page_cleared', 'classroom_page_renamed',
'classroom_page_duplicated', 'classroom_page_deleted', 'classroom_ended',
]);
/* ── Helper: broadcast to all session participants ─────────────────────── */
function emitToSession(sessionId, data) {
const session = db.prepare('SELECT class_id, teacher_id FROM classroom_sessions WHERE id=?').get(sessionId);
@@ -29,6 +38,9 @@ function emitToSession(sessionId, data) {
const invites = db.prepare('SELECT user_id FROM classroom_invites WHERE session_id=?').all(sessionId);
for (const { user_id } of invites) emit(user_id, data);
}
// Forward whitelisted events to guest viewers
if (GUEST_EVENTS.has(data.type)) emitToGuests(sessionId, data);
}
/* ── Helper: check if user has access to session ──────────────────────── */
@@ -50,6 +62,12 @@ function createSession(req, res) {
const { class_id, user_ids, title = '' } = req.body;
const teacher = req.user;
// Check if classroom module is enabled
const classroomEnabled = db.prepare("SELECT value FROM app_settings WHERE key='feature_classroom_enabled'").get();
if (classroomEnabled?.value === '0') {
return res.status(403).json({ error: 'Модуль онлайн-уроков отключён администратором' });
}
if (!class_id && (!user_ids || !user_ids.length)) {
return res.status(400).json({ error: 'Укажите class_id или user_ids' });
}
@@ -585,10 +603,11 @@ function getStrokes(req, res) {
const strokes = rows.map(r => ({ ...r, data: JSON.parse(r.data) }));
const pageRow = db.prepare('SELECT template FROM classroom_pages WHERE session_id=? AND page_num=?').get(sessionId, pageNum);
const pageRow = db.prepare('SELECT template, name FROM classroom_pages WHERE session_id=? AND page_num=?').get(sessionId, pageNum);
const template = pageRow?.template || 'blank';
const name = pageRow?.name || null;
res.json({ strokes, template });
res.json({ strokes, template, name });
}
/* PATCH /api/classroom/:id/strokes/:strokeId — update image position/size */
@@ -656,6 +675,103 @@ function clearPage(req, res) {
res.json({ ok: true });
}
/* GET /api/classroom/:id/pages — list all pages with names/templates */
function getPages(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT * FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Не найдено' });
if (!hasAccess(session, req.user.id, req.user.role))
return res.status(403).json({ error: 'Нет доступа' });
const maxS = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_strokes WHERE session_id=?').get(sessionId).m;
const maxP = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_pages WHERE session_id=?').get(sessionId).m;
const total = Math.max(session.current_page, maxS, maxP, 1);
const rows = db.prepare('SELECT page_num, template, name FROM classroom_pages WHERE session_id=?').all(sessionId);
const map = {};
rows.forEach(r => { map[r.page_num] = r; });
const pages = [];
for (let i = 1; i <= total; i++) {
pages.push({ page_num: i, template: map[i]?.template || 'blank', name: map[i]?.name || null });
}
res.json({ pages, currentPage: session.current_page });
}
/* PATCH /api/classroom/:id/pages/:pageNum/name — rename page */
function renamePage(req, res) {
const sessionId = Number(req.params.id);
const pageNum = Number(req.params.pageNum);
const { name } = req.body;
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
db.prepare('INSERT OR IGNORE INTO classroom_pages (session_id, page_num, template) VALUES (?,?,?)').run(sessionId, pageNum, 'blank');
db.prepare('UPDATE classroom_pages SET name=? WHERE session_id=? AND page_num=?').run(name || null, sessionId, pageNum);
emitToSession(sessionId, { type: 'classroom_page_renamed', sessionId, pageNum, name: name || null });
res.json({ ok: true, pageNum, name: name || null });
}
/* POST /api/classroom/:id/pages/:pageNum/duplicate — duplicate a page */
function duplicatePage(req, res) {
const sessionId = Number(req.params.id);
const srcPage = Number(req.params.pageNum);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const srcRow = db.prepare('SELECT template, name FROM classroom_pages WHERE session_id=? AND page_num=?').get(sessionId, srcPage);
const srcTpl = srcRow?.template || 'blank';
const newName = srcRow?.name ? srcRow.name + ' (копия)' : null;
const maxS = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_strokes WHERE session_id=?').get(sessionId).m;
const maxP = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_pages WHERE session_id=?').get(sessionId).m;
const newPage = Math.max(session.current_page, maxS, maxP) + 1;
db.prepare('INSERT OR IGNORE INTO classroom_pages (session_id, page_num, template, name) VALUES (?,?,?,?)').run(sessionId, newPage, srcTpl, newName);
const strokes = db.prepare('SELECT tool, data FROM classroom_strokes WHERE session_id=? AND page_num=? ORDER BY seq').all(sessionId, srcPage);
const ins = db.prepare('INSERT INTO classroom_strokes (session_id, page_num, tool, data) VALUES (?,?,?,?)');
db.transaction(() => { strokes.forEach(s => ins.run(sessionId, newPage, s.tool, s.data)); })();
db.prepare('UPDATE classroom_sessions SET current_page=? WHERE id=?').run(newPage, sessionId);
emitToSession(sessionId, { type: 'classroom_page_duplicated', sessionId, srcPage, newPage, template: srcTpl, name: newName });
res.json({ ok: true, newPage, template: srcTpl, name: newName });
}
/* DELETE /api/classroom/:id/pages/:pageNum — delete a page */
function deletePage(req, res) {
const sessionId = Number(req.params.id);
const pageNum = Number(req.params.pageNum);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const maxS = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_strokes WHERE session_id=?').get(sessionId).m;
const maxP = db.prepare('SELECT COALESCE(MAX(page_num),0) AS m FROM classroom_pages WHERE session_id=?').get(sessionId).m;
const total = Math.max(session.current_page, maxS, maxP, 1);
if (total <= 1) return res.status(400).json({ error: 'Нельзя удалить единственную страницу' });
db.prepare('DELETE FROM classroom_strokes WHERE session_id=? AND page_num=?').run(sessionId, pageNum);
db.prepare('DELETE FROM classroom_pages WHERE session_id=? AND page_num=?').run(sessionId, pageNum);
db.prepare('UPDATE classroom_strokes SET page_num=page_num-1 WHERE session_id=? AND page_num>?').run(sessionId, pageNum);
db.prepare('UPDATE classroom_pages SET page_num=page_num-1 WHERE session_id=? AND page_num>?').run(sessionId, pageNum);
let newCurrent = session.current_page;
if (newCurrent > pageNum) newCurrent--;
else if (newCurrent === pageNum) newCurrent = Math.max(1, pageNum - 1);
db.prepare('UPDATE classroom_sessions SET current_page=? WHERE id=?').run(newCurrent, sessionId);
emitToSession(sessionId, { type: 'classroom_page_deleted', sessionId, pageNum, newCurrent });
res.json({ ok: true, pageNum, newCurrent });
}
/* POST /api/classroom/:id/mute — teacher mutes a student */
function mutePeer(req, res) {
const sessionId = Number(req.params.id);
@@ -797,6 +913,66 @@ function screenStop(req, res) {
res.json({ ok: true });
}
/* ── Simulation integration ──────────────────────────────────────────────── */
/* POST /api/classroom/:id/sim — teacher opens simulation for everyone */
function simOpen(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const { simId, title } = req.body;
if (!simId || typeof simId !== 'string' || !/^[a-z0-9_-]{1,40}$/.test(simId))
return res.status(400).json({ error: 'Неверный simId' });
emitToSession(sessionId, { type: 'classroom_sim_open', sessionId, simId, title: (title || simId).slice(0, 80) });
res.json({ ok: true });
}
/* POST /api/classroom/:id/sim/state — teacher relays sim state to students */
function simState(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const { state } = req.body;
if (!state || typeof state !== 'object') return res.status(400).json({ error: 'Нет state' });
emitToSession(sessionId, { type: 'classroom_sim_state', sessionId, state });
res.json({ ok: true });
}
/* POST /api/classroom/:id/sim/mode — teacher sets sim mode (demo/free) */
function simMode(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const { mode } = req.body;
if (mode !== 'demo' && mode !== 'free') return res.status(400).json({ error: 'mode must be demo|free' });
emitToSession(sessionId, { type: 'classroom_sim_mode', sessionId, mode });
res.json({ ok: true });
}
/* DELETE /api/classroom/:id/sim — teacher closes simulation */
function simClose(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare(`SELECT * FROM classroom_sessions WHERE id=? AND status='active'`).get(sessionId);
if (!session) return res.status(404).json({ error: 'Сессия не активна' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
emitToSession(sessionId, { type: 'classroom_sim_close', sessionId });
res.json({ ok: true });
}
/* ── Chat: upload image attachment ──────────────────────────────────────── */
function uploadChatAttachment(req, res) {
if (!req.file) return res.status(400).json({ error: 'Файл не получен' });
@@ -870,7 +1046,341 @@ function saveNotes(req, res) {
res.json({ ok: true });
}
/* ── Lesson history ─────────────────────────────────────────────────────── */
/* GET /api/classroom/class/:classId/history */
function getClassHistory(req, res) {
const classId = Number(req.params.classId);
const page = Math.max(1, Number(req.query.page) || 1);
const limit = Math.min(50, Number(req.query.limit) || 20);
const search = (req.query.search || '').trim();
const offset = (page - 1) * limit;
// Access check: admin sees all; teacher must own the class; student must be member
const cls = db.prepare('SELECT * FROM classes WHERE id=?').get(classId);
if (!cls) return res.status(404).json({ error: 'Класс не найден' });
if (req.user.role === 'teacher') {
if (cls.teacher_id !== req.user.id) return res.status(403).json({ error: 'Нет доступа' });
} else if (req.user.role === 'student' || req.user.role === 'free_student') {
const member = db.prepare('SELECT 1 FROM class_members WHERE class_id=? AND user_id=?').get(classId, req.user.id);
if (!member) return res.status(403).json({ error: 'Нет доступа' });
}
const whereSearch = search ? `AND (s.title LIKE '%'||?||'%')` : '';
const params = search ? [classId, search] : [classId];
const total = db.prepare(`
SELECT COUNT(*) AS n FROM classroom_sessions s
WHERE s.class_id=? AND s.status='ended' ${whereSearch}
`).get(...params).n;
const sessions = db.prepare(`
SELECT s.id, s.title, s.created_at, s.ended_at, s.teacher_id,
u.name AS teacher_name,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS participant_count,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS message_count,
(COALESCE((SELECT MAX(page_num) FROM classroom_pages WHERE session_id=s.id),1)) AS page_count,
(SELECT COUNT(*) FROM classroom_strokes WHERE session_id=s.id) AS stroke_count
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
WHERE s.class_id=? AND s.status='ended' ${whereSearch}
ORDER BY s.ended_at DESC
LIMIT ? OFFSET ?
`).all(...params, limit, offset);
res.json({ sessions, total, page, pages: Math.ceil(total / limit) });
}
/* GET /api/classroom/my/history */
function getMyHistory(req, res) {
const page = Math.max(1, Number(req.query.page) || 1);
const limit = Math.min(50, Number(req.query.limit) || 20);
const offset = (page - 1) * limit;
let sessions, total;
if (req.user.role === 'teacher' || req.user.role === 'admin') {
total = db.prepare(`SELECT COUNT(*) AS n FROM classroom_sessions WHERE teacher_id=? AND status='ended'`).get(req.user.id).n;
sessions = db.prepare(`
SELECT s.id, s.title, s.created_at, s.ended_at, s.class_id, s.teacher_id,
u.name AS teacher_name,
c.name AS class_name,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS participant_count,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS message_count,
(COALESCE((SELECT MAX(page_num) FROM classroom_pages WHERE session_id=s.id),1)) AS page_count
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE s.teacher_id=? AND s.status='ended'
ORDER BY s.ended_at DESC LIMIT ? OFFSET ?
`).all(req.user.id, limit, offset);
} else {
// student: sessions they have attendance records for
total = db.prepare(`
SELECT COUNT(DISTINCT s.id) AS n FROM classroom_sessions s
JOIN classroom_attendance a ON a.session_id=s.id
WHERE a.user_id=? AND s.status='ended'
`).get(req.user.id).n;
sessions = db.prepare(`
SELECT s.id, s.title, s.created_at, s.ended_at, s.class_id,
u.name AS teacher_name,
c.name AS class_name,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS participant_count,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS message_count,
(COALESCE((SELECT MAX(page_num) FROM classroom_pages WHERE session_id=s.id),1)) AS page_count
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
JOIN classroom_attendance a ON a.session_id=s.id
WHERE a.user_id=? AND s.status='ended'
GROUP BY s.id ORDER BY s.ended_at DESC LIMIT ? OFFSET ?
`).all(req.user.id, limit, offset);
}
res.json({ sessions, total, page, pages: Math.ceil(total / limit) });
}
/* GET /api/classroom/:id/summary */
function getSessionSummary(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT * FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Не найдено' });
if (!hasAccess(session, req.user.id, req.user.role))
return res.status(403).json({ error: 'Нет доступа' });
const teacherName = db.prepare('SELECT name FROM users WHERE id=?').get(session.teacher_id)?.name || '';
const className = session.class_id
? db.prepare('SELECT name FROM classes WHERE id=?').get(session.class_id)?.name || null
: null;
const durationSec = session.ended_at
? Math.round((new Date(session.ended_at) - new Date(session.created_at)) / 1000)
: null;
const stats = {
duration_sec: durationSec,
participant_count: db.prepare('SELECT COUNT(*) AS n FROM classroom_attendance WHERE session_id=?').get(sessionId).n,
message_count: db.prepare('SELECT COUNT(*) AS n FROM classroom_chat WHERE session_id=?').get(sessionId).n,
page_count: db.prepare('SELECT COALESCE(MAX(page_num),1) AS n FROM classroom_pages WHERE session_id=?').get(sessionId).n,
stroke_count: db.prepare('SELECT COUNT(*) AS n FROM classroom_strokes WHERE session_id=?').get(sessionId).n,
};
const attendance = db.prepare(`
SELECT a.user_id, u.name AS user_name, a.joined_at, a.left_at
FROM classroom_attendance a
JOIN users u ON u.id = a.user_id
WHERE a.session_id=? ORDER BY a.joined_at
`).all(sessionId).map(r => ({
...r,
duration_sec: (r.joined_at && r.left_at)
? Math.round((new Date(r.left_at) - new Date(r.joined_at)) / 1000)
: null,
}));
const pages = db.prepare(`
SELECT p.page_num, p.template, p.name,
(SELECT COUNT(*) FROM classroom_strokes WHERE session_id=p.session_id AND page_num=p.page_num) AS stroke_count
FROM classroom_pages p
WHERE p.session_id=? ORDER BY p.page_num
`).all(sessionId);
// Ensure at least page 1 appears if no pages row exists
if (!pages.length) pages.push({ page_num: 1, template: 'blank', name: null, stroke_count: stats.stroke_count });
res.json({
session: { ...session, teacher_name: teacherName, class_name: className },
stats,
attendance,
pages,
});
}
/* GET /api/classroom/:id/chat/export — plaintext chat transcript (teacher/admin) */
function exportChat(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT * FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Не найдено' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const messages = db.prepare(`
SELECT c.created_at, u.name AS user_name, c.message, c.attachment_url
FROM classroom_chat c
JOIN users u ON u.id = c.user_id
WHERE c.session_id=? ORDER BY c.id ASC
`).all(sessionId);
const title = session.title || `Урок #${sessionId}`;
const date = session.created_at ? new Date(session.created_at).toLocaleDateString('ru-RU') : '';
let text = `Чат урока: ${title}\nДата: ${date}\n${'─'.repeat(50)}\n\n`;
messages.forEach(m => {
const ts = m.created_at ? new Date(m.created_at).toLocaleTimeString('ru-RU', { hour: '2-digit', minute: '2-digit' }) : '';
text += `[${ts}] ${m.user_name}: ${m.message || ''}`;
if (m.attachment_url) text += ` [вложение]`;
text += '\n';
});
const filename = `chat_${sessionId}_${date.replace(/\./g, '-')}.txt`;
res.setHeader('Content-Type', 'text/plain; charset=utf-8');
res.setHeader('Content-Disposition', `attachment; filename="${filename}"`);
res.send(text);
}
/* GET /api/classroom/:id/notes/all — all student notes (teacher/admin) */
function getAllNotes(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT * FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Не найдено' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
const notes = db.prepare(`
SELECT n.content, n.updated_at, u.name AS user_name, u.id AS user_id
FROM classroom_notes n
JOIN users u ON u.id = n.user_id
WHERE n.session_id=? AND n.content != '' ORDER BY u.name
`).all(sessionId);
res.json({ notes });
}
/* ── Lesson templates ───────────────────────────────────────────────────── */
/* DELETE /api/classroom/:id/history — permanently delete an ended session record */
function deleteHistorySession(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT * FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Не найдено' });
if (session.status !== 'ended') return res.status(400).json({ error: 'Можно удалять только завершённые сессии' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Нет доступа' });
db.prepare('DELETE FROM classroom_chat_reactions WHERE chat_id IN (SELECT id FROM classroom_chat WHERE session_id=?)').run(sessionId);
db.prepare('DELETE FROM classroom_chat WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_strokes WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_pages WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_attendance WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_notes WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_draw_permissions WHERE session_id=?').run(sessionId);
db.prepare('DELETE FROM classroom_sessions WHERE id=?').run(sessionId);
res.json({ ok: true });
}
/* GET /api/classroom/admin/active — all currently active sessions (admin only) */
function adminGetActiveSessions(req, res) {
if (req.user.role !== 'admin') return res.status(403).json({ error: 'Нет доступа' });
const sessions = db.prepare(`
SELECT s.id, s.title, s.created_at, s.class_id, s.teacher_id,
u.name AS teacher_name,
c.name AS class_name,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id AND left_at IS NULL) AS online_count,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS total_joined,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS message_count
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE s.status='active'
ORDER BY s.created_at DESC
`).all();
res.json({ sessions });
}
/* GET /api/classroom/admin/sessions — all sessions paginated (admin only) */
function adminGetAllSessions(req, res) {
if (req.user.role !== 'admin') return res.status(403).json({ error: 'Нет доступа' });
const page = Math.max(1, Number(req.query.page) || 1);
const limit = Math.min(50, Number(req.query.limit) || 20);
const search = (req.query.search || '').trim();
const teacherId = (req.query.teacher || '').trim();
const classId = (req.query.class_id || '').trim();
const dateFrom = (req.query.date_from || '').trim();
const dateTo = (req.query.date_to || '').trim();
const sort = req.query.sort || 'newest';
const offset = (page - 1) * limit;
let where = "s.status='ended'";
const params = [];
if (search) { where += ` AND (s.title LIKE '%'||?||'%' OR u.name LIKE '%'||?||'%' OR c.name LIKE '%'||?||'%')`; params.push(search, search, search); }
if (teacherId) { where += ` AND s.teacher_id=?`; params.push(Number(teacherId)); }
if (classId) { where += ` AND s.class_id=?`; params.push(Number(classId)); }
if (dateFrom) { where += ` AND date(s.created_at)>=?`; params.push(dateFrom); }
if (dateTo) { where += ` AND date(s.created_at)<=?`; params.push(dateTo); }
const orderBy = sort === 'oldest' ? 's.ended_at ASC'
: sort === 'longest' ? '(julianday(s.ended_at)-julianday(s.created_at)) DESC'
: sort === 'most_students' ? 'participant_count DESC'
: 's.ended_at DESC';
const total = db.prepare(`
SELECT COUNT(*) AS n FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE ${where}
`).get(...params).n;
const sessions = db.prepare(`
SELECT s.id, s.title, s.created_at, s.ended_at, s.class_id, s.teacher_id,
u.name AS teacher_name,
c.name AS class_name,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS participant_count,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS message_count,
COALESCE((SELECT MAX(page_num) FROM classroom_pages WHERE session_id=s.id),1) AS page_count,
(SELECT COUNT(*) FROM classroom_strokes WHERE session_id=s.id) AS stroke_count
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE ${where}
ORDER BY ${orderBy}
LIMIT ? OFFSET ?
`).all(...params, limit, offset);
// Server-side aggregates (filtered)
const agg = db.prepare(`
SELECT COUNT(*) AS total_sessions,
COUNT(DISTINCT s.teacher_id) AS total_teachers,
COALESCE(SUM(CASE WHEN s.ended_at IS NOT NULL AND s.created_at IS NOT NULL
THEN CAST((julianday(s.ended_at) - julianday(s.created_at)) * 86400 AS INTEGER)
ELSE 0 END), 0) AS total_duration_sec
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE ${where}
`).get(...params);
const aggPart = db.prepare(`
SELECT COALESCE(SUM(sub.pc),0) AS total_participants,
COALESCE(SUM(sub.mc),0) AS total_messages
FROM (
SELECT s.id,
(SELECT COUNT(*) FROM classroom_attendance WHERE session_id=s.id) AS pc,
(SELECT COUNT(*) FROM classroom_chat WHERE session_id=s.id) AS mc
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
LEFT JOIN classes c ON c.id = s.class_id
WHERE ${where}
) sub
`).get(...params);
res.json({ sessions, total, page, pages: Math.ceil(total / limit),
agg: { ...agg, ...aggPart } });
}
/* GET /api/classroom/admin/teachers-list — teachers who have sessions (admin only) */
function adminGetTeachersList(req, res) {
if (req.user.role !== 'admin') return res.status(403).json({ error: 'Нет доступа' });
const teachers = db.prepare(`
SELECT DISTINCT u.id, u.name
FROM classroom_sessions s
JOIN users u ON u.id = s.teacher_id
WHERE s.status='ended'
ORDER BY u.name
`).all();
res.json({ teachers });
}
function getTemplates(req, res) {
const templates = db.prepare(
'SELECT id, title, description, created_at FROM classroom_templates WHERE teacher_id=? ORDER BY created_at DESC'
@@ -953,6 +1463,41 @@ function loadTemplate(req, res) {
res.json({ ok: true, pages: pagesData.length });
}
/* ── Guest token: generate / revoke ───────────────────────────────────── */
function generateGuestToken(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT id, teacher_id FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Not found' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Forbidden' });
const token = crypto.randomBytes(24).toString('base64url');
db.prepare('UPDATE classroom_sessions SET guest_token=? WHERE id=?').run(token, sessionId);
res.json({ token, url: `/guest-board.html?token=${token}` });
}
function revokeGuestToken(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT id, teacher_id FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Not found' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Forbidden' });
db.prepare('UPDATE classroom_sessions SET guest_token=NULL WHERE id=?').run(sessionId);
res.json({ ok: true });
}
function getGuestToken(req, res) {
const sessionId = Number(req.params.id);
const session = db.prepare('SELECT id, teacher_id, guest_token FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return res.status(404).json({ error: 'Not found' });
if (session.teacher_id !== req.user.id && req.user.role !== 'admin')
return res.status(403).json({ error: 'Forbidden' });
if (!session.guest_token) return res.json({ token: null, url: null });
res.json({ token: session.guest_token, url: `/guest-board.html?token=${session.guest_token}` });
}
module.exports = {
createSession,
getSession,
@@ -975,12 +1520,20 @@ module.exports = {
addPage,
changePage,
updatePageTemplate,
getPages,
renamePage,
duplicatePage,
deletePage,
raiseHand,
lowerHand,
getHands,
mutePeer,
screenStart,
screenStop,
simOpen,
simClose,
simState,
simMode,
clearPage,
previewStroke,
broadcastCursor,
@@ -995,4 +1548,16 @@ module.exports = {
saveTemplate,
deleteTemplate,
loadTemplate,
getClassHistory,
getMyHistory,
getSessionSummary,
exportChat,
getAllNotes,
deleteHistorySession,
adminGetActiveSessions,
adminGetAllSessions,
adminGetTeachersList,
generateGuestToken,
revokeGuestToken,
getGuestToken,
};
backend/src/db/migrate.js
+7 -2
View File
@@ -862,7 +862,8 @@ db.exec(`
('feature_knowledge_map_enabled', '1'),
('feature_board_enabled', '1'),
('feature_biochem_enabled', '1'),
('feature_live_quiz_enabled', '1');
('feature_live_quiz_enabled', '1'),
('feature_classroom_enabled', '1');
`);
/* ── Performance indexes ───────────────────────────────────────────────── */
@@ -2773,8 +2774,9 @@ db.exec(`
UNIQUE(session_id, page_num)
)
`);
// Add template column to existing classroom_pages tables (idempotent)
// Add template + name columns to existing classroom_pages tables (idempotent)
try { db.exec(`ALTER TABLE classroom_pages ADD COLUMN template TEXT NOT NULL DEFAULT 'blank'`); } catch (_) { /* already exists */ }
try { db.exec(`ALTER TABLE classroom_pages ADD COLUMN name TEXT`); } catch (_) { /* already exists */ }
db.exec(`
CREATE TABLE IF NOT EXISTS classroom_strokes (
@@ -2854,6 +2856,9 @@ db.exec(`
)
`);
// Guest token for classroom sessions (public read-only whiteboard access)
try { db.exec("ALTER TABLE classroom_sessions ADD COLUMN guest_token TEXT UNIQUE"); } catch {}
// Persistent draw permissions (survives server restart)
db.exec(`
CREATE TABLE IF NOT EXISTS classroom_draw_permissions (
backend/src/routes/classroom.js
+31 -3
View File
@@ -30,9 +30,16 @@ const auth = [authMiddleware];
const chatLimiter = rateLimit({ windowMs: 5_000, max: 5, message: 'Слишком много сообщений, подождите' });
// Template library — MUST be before /:id to avoid shadowing
router.get('/admin/active', ...teacher, c.adminGetActiveSessions);
router.get('/admin/sessions', ...teacher, c.adminGetAllSessions);
router.get('/admin/teachers-list', ...teacher, c.adminGetTeachersList);
router.get('/templates', ...teacher, c.getTemplates);
router.delete('/templates/:tid', ...teacher, c.deleteTemplate);
// History — MUST be before /:id to avoid shadowing
router.get('/my/history', ...auth, c.getMyHistory);
router.get('/class/:classId/history', ...auth, c.getClassHistory);
// Session lifecycle
router.post('/', ...teacher, c.createSession);
router.get('/online-students', ...teacher, c.getOnlineStudents);
@@ -65,9 +72,13 @@ router.patch('/:id/strokes/:strokeId', ...auth, c.updateStroke);
router.post('/:id/stroke-preview', ...auth, c.previewStroke);
// Multi-page
router.post('/:id/pages', ...teacher, c.addPage);
router.put('/:id/page', ...teacher, c.changePage);
router.patch('/:id/page-template', ...teacher, c.updatePageTemplate);
router.get('/:id/pages', ...auth, c.getPages);
router.post('/:id/pages', ...teacher, c.addPage);
router.put('/:id/page', ...teacher, c.changePage);
router.patch('/:id/page-template', ...teacher, c.updatePageTemplate);
router.patch('/:id/pages/:pageNum/name', ...teacher, c.renamePage);
router.post('/:id/pages/:pageNum/duplicate', ...teacher, c.duplicatePage);
router.delete('/:id/pages/:pageNum', ...teacher, c.deletePage);
// Hand raise
router.post('/:id/hand', ...auth, c.raiseHand);
@@ -82,6 +93,12 @@ router.post('/:id/mute', ...teacher, c.mutePeer);
router.post('/:id/screen', ...teacher, c.screenStart);
router.delete('/:id/screen', ...teacher, c.screenStop);
// Simulation: open/close/state/mode for all participants
router.post('/:id/sim', ...teacher, c.simOpen);
router.delete('/:id/sim', ...teacher, c.simClose);
router.post('/:id/sim/state', ...teacher, c.simState);
router.post('/:id/sim/mode', ...teacher, c.simMode);
// Cursor broadcast (all participants)
router.post('/:id/cursor', ...auth, c.broadcastCursor);
@@ -95,10 +112,21 @@ router.delete('/:id/allow-draw/:userId', ...teacher, c.revokeDraw);
// Session notes (per user)
router.get('/:id/notes', ...auth, c.getNotes);
router.put('/:id/notes', ...auth, c.saveNotes);
router.get('/:id/notes/all', ...teacher, c.getAllNotes);
// Session summary & history detail
router.get('/:id/summary', ...auth, c.getSessionSummary);
router.get('/:id/chat/export', ...teacher, c.exportChat);
router.delete('/:id/history', ...teacher, c.deleteHistorySession);
// Save current session as template
router.post('/:id/save-template', ...teacher, c.saveTemplate);
// Load template into current session
router.post('/:id/load-template', ...teacher, c.loadTemplate);
// Guest token (generate/revoke/get)
router.get('/:id/guest-token', ...teacher, c.getGuestToken);
router.post('/:id/guest-token', ...teacher, c.generateGuestToken);
router.delete('/:id/guest-token', ...teacher, c.revokeGuestToken);
module.exports = router;
backend/src/routes/guestClassroom.js
+168
View File
@@ -0,0 +1,168 @@
/**
* Public (no-auth) guest classroom routes.
* Guests access the whiteboard read-only via a token in the URL.
*
* GET /api/classroom/guest/:token — session info (pre-join)
* POST /api/classroom/guest/:token/join — choose display name, get guestId
* GET /api/classroom/guest/:token/strokes — strokes for ?page_num=N
* GET /api/classroom/guest/:token/stream — SSE stream (?guestId=X)
* POST /api/classroom/guest/:token/leave — notify departure (optional)
*/
const router = require('express').Router();
const crypto = require('crypto');
const db = require('../db/db');
const { addGuestClient, removeGuestClient, emitToGuests, emit } = require('../sse');
/* ── In-memory guest registry (cleared on server restart — fine for guests) */
const guests = new Map(); // guestId → { name, sessionId, connectedAt }
/* Helper: look up session by token (active only) */
function sessionByToken(token) {
return db.prepare(
"SELECT id, title, status, current_page, teacher_id FROM classroom_sessions WHERE guest_token=?"
).get(token);
}
/* Helper: emit guest-joined/left to the real participants of the session */
function notifySession(sessionId, data) {
const session = db.prepare('SELECT class_id, teacher_id FROM classroom_sessions WHERE id=?').get(sessionId);
if (!session) return;
const { emit: _emit, emitToClass } = require('../sse');
if (session.class_id) {
emitToClass(session.class_id, data);
_emit(session.teacher_id, data);
} else {
_emit(session.teacher_id, data);
const invites = db.prepare('SELECT user_id FROM classroom_invites WHERE session_id=?').all(sessionId);
for (const { user_id } of invites) _emit(user_id, data);
}
}
/* ── GET /api/classroom/guest/:token ─── session info (pre-join screen) */
router.get('/:token', (req, res) => {
const session = sessionByToken(req.params.token);
if (!session) return res.status(404).json({ error: 'Ссылка недействительна' });
const pageCount = db.prepare(
'SELECT COUNT(*) AS c FROM classroom_pages WHERE session_id=?'
).get(session.id).c || 1;
res.json({
id: session.id,
title: session.title || 'Онлайн-урок',
status: session.status,
current_page: session.current_page || 1,
page_count: pageCount,
});
});
/* ── POST /api/classroom/guest/:token/join ─── choose name, get guestId */
router.post('/:token/join', (req, res) => {
const session = sessionByToken(req.params.token);
if (!session) return res.status(404).json({ error: 'Ссылка недействительна' });
if (session.status !== 'active')
return res.status(403).json({ error: 'Урок ещё не начался или уже завершён' });
const rawName = (req.body?.name || '').trim().slice(0, 40);
const name = rawName || 'Гость';
const guestId = 'g_' + crypto.randomBytes(12).toString('base64url');
guests.set(guestId, { name, sessionId: session.id, connectedAt: Date.now() });
// Notify real participants that a guest joined
notifySession(session.id, {
type: 'classroom_guest_joined',
sessionId: session.id,
guestId,
guestName: name,
});
const pageCount = db.prepare(
'SELECT COUNT(*) AS c FROM classroom_pages WHERE session_id=?'
).get(session.id).c || 1;
res.json({
guestId,
sessionId: session.id,
title: session.title || 'Онлайн-урок',
current_page: session.current_page || 1,
page_count: pageCount,
});
});
/* ── GET /api/classroom/guest/:token/strokes ─── whiteboard strokes */
router.get('/:token/strokes', (req, res) => {
const session = sessionByToken(req.params.token);
if (!session) return res.status(404).json({ error: 'Ссылка недействительна' });
if (session.status !== 'active')
return res.status(403).json({ error: 'Урок не активен' });
const pageNum = Math.max(1, Number(req.query.page_num) || 1);
const sinceSeq = Number(req.query.since_seq) || 0;
const strokes = sinceSeq > 0
? db.prepare(
'SELECT id, tool, data, seq FROM classroom_strokes WHERE session_id=? AND page_num=? AND seq > ? ORDER BY seq'
).all(session.id, pageNum, sinceSeq)
: db.prepare(
'SELECT id, tool, data, seq FROM classroom_strokes WHERE session_id=? AND page_num=? ORDER BY seq'
).all(session.id, pageNum);
const pageRow = db.prepare(
'SELECT template, name FROM classroom_pages WHERE session_id=? AND page_num=?'
).get(session.id, pageNum);
const parsed = strokes.map(s => ({ ...s, data: JSON.parse(s.data || '{}') }));
res.json({ strokes: parsed, template: pageRow?.template || 'blank', seq: parsed.at(-1)?.seq || 0 });
});
/* ── GET /api/classroom/guest/:token/stream ─── SSE */
router.get('/:token/stream', (req, res) => {
const session = sessionByToken(req.params.token);
if (!session) return res.status(404).end();
if (session.status !== 'active') return res.status(403).end();
const guestId = req.query.guestId;
const guest = guestId ? guests.get(guestId) : null;
res.setHeader('Content-Type', 'text/event-stream');
res.setHeader('Cache-Control', 'no-cache');
res.setHeader('Connection', 'keep-alive');
res.setHeader('X-Accel-Buffering', 'no'); // nginx: disable buffering
res.flushHeaders();
res.write(`data: ${JSON.stringify({ type: 'connected' })}\n\n`);
addGuestClient(session.id, res);
req.on('close', () => {
removeGuestClient(session.id, res);
if (guest) {
guests.delete(guestId);
notifySession(session.id, {
type: 'classroom_guest_left',
sessionId: session.id,
guestId,
guestName: guest.name,
});
}
});
});
/* ── POST /api/classroom/guest/:token/leave ─── explicit goodbye */
router.post('/:token/leave', (req, res) => {
const guestId = req.body?.guestId;
const guest = guestId ? guests.get(guestId) : null;
if (guest) {
guests.delete(guestId);
notifySession(guest.sessionId, {
type: 'classroom_guest_left',
sessionId: guest.sessionId,
guestId,
guestName: guest.name,
});
}
res.json({ ok: true });
});
module.exports = router;
backend/src/server.js
+11 -6
View File
@@ -32,8 +32,9 @@ const flashcardRoutes = require('./routes/flashcards');
const settingsRoutes = require('./routes/settings');
const analyticsRoutes = require('./routes/analytics');
const liveRoutes = require('./routes/live');
const classroomRoutes = require('./routes/classroom');
const gamesRoutes = require('./routes/games');
const classroomRoutes = require('./routes/classroom');
const guestClassroomRoutes = require('./routes/guestClassroom');
const gamesRoutes = require('./routes/games');
const knowledgeMapRoutes = require('./routes/knowledgeMap');
const petRoutes = require('./routes/pet');
const collectionRoutes = require('./routes/collection');
@@ -77,8 +78,8 @@ app.use((_req, res, next) => {
"font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; " +
"img-src 'self' data: blob: https:; " +
"connect-src 'self' https://cdn.jsdelivr.net https://stun.l.google.com; " +
"frame-src https://www.youtube.com https://rutube.ru https://player.vimeo.com; " +
"frame-ancestors 'none'" +
"frame-src 'self' https://www.youtube.com https://rutube.ru https://player.vimeo.com; " +
"frame-ancestors 'self'" +
(isProd ? "; upgrade-insecure-requests" : "")
);
if (isProd) res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
@@ -143,8 +144,9 @@ app.use('/api/search', searchRoutes);
app.use('/api/flashcards', flashcardRoutes);
app.use('/api/settings', settingsRoutes);
app.use('/api/analytics', analyticsRoutes);
app.use('/api/live', liveRoutes);
app.use('/api/classroom', classroomRoutes);
app.use('/api/live', liveRoutes);
app.use('/api/classroom/guest', guestClassroomRoutes); // public — MUST be before /api/classroom
app.use('/api/classroom', classroomRoutes);
app.use('/api/games', gamesRoutes);
app.use('/api/knowledge-map', knowledgeMapRoutes);
app.use('/api/pet', petRoutes);
@@ -308,6 +310,9 @@ app.use((_req, res) => res.status(404).sendFile(path.join(frontendDir, '404.html
const server = app.listen(PORT, () => logger.info(`Server running on port ${PORT}`, { env: config.NODE_ENV }));
/* ── WebSocket server for low-latency classroom events (cursor + preview) ── */
require('./ws-server').attach(server);
/* ── Graceful shutdown ── */
function shutdown(signal) {
logger.info(`${signal} received — shutting down gracefully`);
backend/src/sse.js
+37 -2
View File
@@ -1,5 +1,6 @@
/* ── SSE registry — shared between controllers ─────────────────────────── */
const clients = new Map(); // userId -> Set<res>
const clients = new Map(); // userId -> Set<res>
const guestClients = new Map(); // sessionId -> Set<res>
const db = require('./db/db');
function addClient(userId, res) {
@@ -34,6 +35,15 @@ setInterval(() => {
}
if (conns.size === 0) clients.delete(userId);
}
for (const [sessionId, conns] of guestClients) {
for (const res of conns) {
try {
if (res.writableEnded || res.destroyed) { conns.delete(res); continue; }
res.write(': heartbeat\n\n');
} catch { conns.delete(res); }
}
if (conns.size === 0) guestClients.delete(sessionId);
}
}, 30_000).unref();
/* Broadcast to all members of a class */
@@ -42,9 +52,34 @@ function emitToClass(classId, data) {
for (const { user_id } of members) emit(user_id, data);
}
/* ── Guest SSE (session-scoped, no userId) ── */
function addGuestClient(sessionId, res) {
if (!guestClients.has(sessionId)) guestClients.set(sessionId, new Set());
guestClients.get(sessionId).add(res);
}
function removeGuestClient(sessionId, res) {
const set = guestClients.get(sessionId);
if (!set) return;
set.delete(res);
if (set.size === 0) guestClients.delete(sessionId);
}
function emitToGuests(sessionId, data) {
const set = guestClients.get(sessionId);
if (!set?.size) return;
const payload = `data: ${JSON.stringify(data)}\n\n`;
for (const res of set) {
try { res.write(payload); } catch {}
}
}
/* Returns array of user IDs currently connected via SSE */
function getOnlineUserIds() {
return [...clients.keys()];
}
module.exports = { addClient, removeClient, emit, emitToClass, getOnlineUserIds };
module.exports = {
addClient, removeClient, emit, emitToClass, getOnlineUserIds,
addGuestClient, removeGuestClient, emitToGuests,
};
backend/src/ws-server.js
+159
View File
@@ -0,0 +1,159 @@
/**
* WebSocket server for low-latency real-time classroom events.
*
* Handles two message types from clients:
* { type:'cursor', sessionId, x, y, pageNum }
* { type:'preview', sessionId, liveId, tool, data, pageNum, cancel }
*
* Auth: JWT token in ?token= query param on upgrade request.
* Forwards events via SSE to session participants (no DB write).
*
* This replaces the HTTP POST /cursor and /stroke-preview endpoints
* for connected clients, reducing per-event latency from ~50-120ms to ~2-5ms.
*/
const { WebSocketServer } = require('ws');
const jwt = require('jsonwebtoken');
const db = require('./db/db');
const { emit, emitToGuests } = require('./sse');
/* ── Session member cache (avoids DB query per WS message) ────────────── */
const _cache = new Map(); // sessionId → { teacherId, classId, userIds, ts }
const CACHE_TTL = 30_000;
function _getMembers(sessionId) {
const c = _cache.get(sessionId);
if (c && Date.now() - c.ts < CACHE_TTL) return c;
const session = db.prepare(
"SELECT class_id, teacher_id FROM classroom_sessions WHERE id=? AND status='active'"
).get(sessionId);
if (!session) { _cache.delete(sessionId); return null; }
let userIds;
if (session.class_id) {
const members = db.prepare('SELECT user_id FROM class_members WHERE class_id=?').all(session.class_id);
userIds = [session.teacher_id, ...members.map(m => m.user_id)];
} else {
const invites = db.prepare('SELECT user_id FROM classroom_invites WHERE session_id=?').all(sessionId);
userIds = [session.teacher_id, ...invites.map(i => i.user_id)];
}
const entry = { teacherId: session.teacher_id, classId: session.class_id, userIds, ts: Date.now() };
_cache.set(sessionId, entry);
return entry;
}
function _invalidateSession(sessionId) {
_cache.delete(sessionId);
}
/* Forward serialized SSE payload to all session members */
function _broadcast(sessionId, data, includeGuests) {
const members = _getMembers(sessionId);
if (!members) return;
for (const uid of members.userIds) emit(uid, data);
if (includeGuests) emitToGuests(sessionId, data);
}
/* Check draw permissions (teacher always can; students need explicit grant) */
const _drawCache = new Map(); // `${sessionId}:${userId}` → { allowed, ts }
const DRAW_TTL = 10_000;
function _canDraw(sessionId, userId, members) {
if (!members) return false;
if (members.teacherId === userId) return true;
const key = `${sessionId}:${userId}`;
const c = _drawCache.get(key);
if (c && Date.now() - c.ts < DRAW_TTL) return c.allowed;
const allowed = !!db.prepare(
'SELECT 1 FROM classroom_draw_permissions WHERE session_id=? AND user_id=?'
).get(sessionId, userId);
_drawCache.set(key, { allowed, ts: Date.now() });
return allowed;
}
/* ── WebSocket server ──────────────────────────────────────────────────── */
function attach(httpServer) {
const wss = new WebSocketServer({ server: httpServer, path: '/ws' });
wss.on('connection', (ws, req) => {
/* ── Auth ── */
let user = null;
try {
const url = new URL(req.url, 'http://localhost');
const token = url.searchParams.get('token') || '';
user = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
} catch {
ws.close(4001, 'Unauthorized');
return;
}
ws.userId = user.id;
ws.userName = user.name || user.email || '';
ws.isAlive = true;
ws.on('pong', () => { ws.isAlive = true; });
ws.on('message', raw => {
let msg;
try { msg = JSON.parse(raw); } catch { return; }
const { type, sessionId } = msg;
if (!sessionId || typeof sessionId !== 'number') return;
/* ── cursor broadcast ── */
if (type === 'cursor') {
const members = _getMembers(sessionId);
if (!members || !members.userIds.includes(ws.userId)) return;
_broadcast(sessionId, {
type: 'classroom_cursor',
sessionId,
x: msg.x,
y: msg.y,
pageNum: msg.pageNum || 1,
userId: ws.userId,
userName: ws.userName,
}, true);
/* ── stroke preview broadcast ── */
} else if (type === 'preview') {
const members = _getMembers(sessionId);
if (!members) return;
if (!_canDraw(sessionId, ws.userId, members)) return;
const liveId = msg.liveId;
if (!liveId && !msg.cancel) return;
_broadcast(sessionId, {
type: 'classroom_stroke_preview',
sessionId,
pageNum: msg.pageNum || 1,
liveId,
tool: msg.tool,
data: msg.data,
cancel: msg.cancel || false,
userId: ws.userId,
userName: ws.userName,
}, true);
}
});
ws.on('error', () => {});
ws.on('close', () => {});
});
/* ── Ping/pong keepalive ── */
const pingTimer = setInterval(() => {
for (const ws of wss.clients) {
if (!ws.isAlive) { ws.terminate(); continue; }
ws.isAlive = false;
try { ws.ping(); } catch {}
}
}, 30_000);
wss.on('close', () => clearInterval(pingTimer));
return wss;
}
module.exports = { attach, invalidateSession: _invalidateSession };