JavaScript-Mastery-Pro · chrollo-lucifer-12 · Apr 18, 2026 · Apr 18, 2026 · Apr 18, 2026 · Apr 18, 2026
diff --git a/app/api/announcements/route.ts b/app/api/announcements/route.ts
@@ -1,67 +1,102 @@
-import { auth } from '@clerk/nextjs/server'
-import { NextRequest, NextResponse } from 'next/server'
-import { connectDB } from '@/lib/mongodb'
-import { Announcement } from '@/models/Announcement'
-import { z } from 'zod'
+import { auth } from "@clerk/nextjs/server";
+import { NextRequest, NextResponse } from "next/server";
+import { connectDB } from "@/lib/mongodb";
+import { Announcement } from "@/models/Announcement";
+import { z } from "zod";
 
 const AnnouncementSchema = z.object({
-  title: z.string().min(1),
-  content: z.string().min(1),
-  audience: z.string().optional(),
-  category: z.enum(['academic', 'events', 'admin', 'general']).optional(),
+  title: z.string().trim().min(1),
+  content: z.string().trim().min(1),
-  title: z.string().trim().min(1),
-  content: z.string().trim().min(1),
+  title: z.string().trim().min(1).max(120),
+  content: z.string().trim().min(1).max(5000),
-  title: z.string().trim().min(1),
-  content: z.string().trim().min(1),
+  title: z.string().trim().min(1).max(120),
+  content: z.string().trim().min(1).max(5000),
+  audience: z.enum(["All", "Students", "Staff"]).optional(),
+  category: z.enum(["academic", "events", "admin", "general"]).optional(),
   pinned: z.boolean().optional(),
-})
+});
 
 export async function GET(req: NextRequest) {
-  const { userId } = await auth()
-  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const { userId } = await auth();
+  if (!userId)
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 
   try {
-    await connectDB()
-    const { searchParams } = new URL(req.url)
+    await connectDB();
+    const { searchParams } = new URL(req.url);
 
     // Parse and validate limit
-    const limitStr = searchParams.get('limit') ?? '50'
-    let limit = parseInt(limitStr, 10)
+    const limitStr = searchParams.get("limit") ?? "50";
+    let limit = parseInt(limitStr, 10);
     if (!Number.isFinite(limit) || limit <= 0) {
-      limit = 50
+      limit = 50;
     }
-    limit = Math.min(limit, 100) // Cap at 100
+    limit = Math.min(limit, 100); // Cap at 100
 
     const announcements = await Announcement.find({ teacherId: userId })
       .sort({ pinned: -1, createdAt: -1 })
       .limit(limit)
-      .lean()
+      .lean();
 
-    return NextResponse.json(announcements)
+    return NextResponse.json(announcements);
   } catch (error) {
-    console.error('GET /api/announcements error:', error instanceof Error ? error.message : error)
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+    console.error(
+      "GET /api/announcements error:",
+      error instanceof Error ? error.message : error,
+    );
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 },
+    );
   }
 }
 
 export async function POST(req: NextRequest) {
-  const { userId } = await auth()
-  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const { userId } = await auth();
+  if (!userId)
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 
   try {
-    await connectDB()
-    let body
+    await connectDB();
+    let body;
     try {
-      body = await req.json()
+      body = await req.json();
     } catch {
-      return NextResponse.json({ error: 'Invalid JSON in request body' }, { status: 400 })
+      return NextResponse.json(
+        { error: "Invalid JSON in request body" },
+        { status: 400 },
+      );
     }
-
-    const parsed = AnnouncementSchema.safeParse(body)
-    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
 
-    const announcement = await Announcement.create({ ...parsed.data, teacherId: userId })
-    return NextResponse.json(announcement, { status: 201 })
+    const recentCount = await Announcement.countDocuments({
+      teacherId: userId,
+      createdAt: { $gte: new Date(Date.now() - 60 * 1000) },
+    });
+
+    if (recentCount > 10) {
+      return NextResponse.json({ error: "Too many requests" }, { status: 429 });
+    }
+
+    const parsed = AnnouncementSchema.safeParse(body);
+    if (!parsed.success)
+      return NextResponse.json(
+        { error: parsed.error.flatten() },
+        { status: 400 },
+      );
+    const data = parsed.data;
+
+    const announcement = await Announcement.create({
+      title: data.title,
+      content: data.content,
+      audience: data.audience ?? "all",
+      category: data.category ?? "general",
+      pinned: data.pinned ?? false,
-    const announcement = await Announcement.create({
-      title: data.title,
-      content: data.content,
-      audience: data.audience ?? "all",
-      category: data.category ?? "general",
-      pinned: data.pinned ?? false,
+    const announcement = await Announcement.create({
+      title: data.title,
+      content: data.content,
+      audience: data.audience ?? "All",
+      category: data.category ?? "general",
+      pinned: data.pinned ?? false,
-    const announcement = await Announcement.create({
-      title: data.title,
-      content: data.content,
-      audience: data.audience ?? "all",
-      category: data.category ?? "general",
-      pinned: data.pinned ?? false,
+    const announcement = await Announcement.create({
+      title: data.title,
+      content: data.content,
+      audience: data.audience ?? "All",
+      category: data.category ?? "general",
+      pinned: data.pinned ?? false,
+      teacherId: userId,
+    });
+    return NextResponse.json(announcement, { status: 201 });
   } catch (error) {
     if (error instanceof Error) {
-      console.error('POST /api/announcements error:', error.message)
+      console.error("POST /api/announcements error:", error.message);
     }
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 },
+    );
   }
 }
diff --git a/app/api/assignments/route.ts b/app/api/assignments/route.ts
@@ -1,91 +1,120 @@
-import { auth } from '@clerk/nextjs/server'
-import { NextRequest, NextResponse } from 'next/server'
-import { connectDB } from '@/lib/mongodb'
-import { Assignment } from '@/models/Assignment'
-import { z } from 'zod'
+import { auth } from "@clerk/nextjs/server";
+import { NextRequest, NextResponse } from "next/server";
+import { connectDB } from "@/lib/mongodb";
+import { Assignment } from "@/models/Assignment";
+import { z } from "zod";
 
 const AssignmentSchema = z.object({
-  title: z.string().min(1),
-  description: z.string().optional(),
-  subject: z.string().min(1),
-  class: z.string().min(1),
-  deadline: z.string().min(1),
-  maxMarks: z.number().min(1).optional(),
-  status: z.enum(['active', 'closed']).optional(),
-  kanbanStatus: z.enum(['todo', 'in_progress', 'submitted']).optional(),
-})
+  title: z.string().trim().min(1),
+  description: z.string().trim().optional(),
+  subject: z.string().trim().min(1),
+  class: z.string().trim().min(1),
+  deadline: z.coerce.date(),
+  maxMarks: z.coerce.number().min(1).optional(),
+  status: z.enum(["active", "closed"]).default("active"),
+  kanbanStatus: z.enum(["todo", "in_progress", "submitted"]).default("todo"),
+});
 
 export async function GET(req: NextRequest) {
-  const { userId } = await auth()
-  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const { userId } = await auth();
+  if (!userId)
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 
   try {
-    await connectDB()
-    const { searchParams } = new URL(req.url)
-    const status = searchParams.get('status')
-    
+    await connectDB();
+    const { searchParams } = new URL(req.url);
+    const status = searchParams.get("status");
+
     // Parse and validate pagination
-    const pageStr = searchParams.get('page') ?? '1'
-    const limitStr = searchParams.get('limit') ?? '20'
-
-    let page = parseInt(pageStr, 10)
-    let limit = parseInt(limitStr, 10)
-
-    if (!Number.isFinite(page) || page < 1) page = 1
-    if (!Number.isFinite(limit) || limit < 1) limit = 20
-    limit = Math.min(limit, 100) // Cap at 100
+    const pageStr = searchParams.get("page") ?? "1";
+    const limitStr = searchParams.get("limit") ?? "20";
+
+    let page = parseInt(pageStr, 10);
+    let limit = parseInt(limitStr, 10);
 
-    const query: Record<string, unknown> = { teacherId: userId }
-    if (status) query.status = status
+    if (!Number.isFinite(page) || page < 1) page = 1;
+    if (!Number.isFinite(limit) || limit < 1) limit = 20;
+    limit = Math.min(limit, 100); // Cap at 100
+
+    const query: Record<string, unknown> = { teacherId: userId };
+    if (status && !["active", "closed"].includes(status)) {
+      return NextResponse.json({ error: "Invalid status" }, { status: 400 });
+    }
+    if (status) query.status = status;
 
-    const skip = (page - 1) * limit
+    const skip = (page - 1) * limit;
     const assignments = await Assignment.find(query)
       .sort({ createdAt: -1 })
       .skip(skip)
       .limit(limit)
-      .lean()
-
-    const total = await Assignment.countDocuments(query)
+      .lean();
 
-    return NextResponse.json({ assignments, total, page, pages: Math.ceil(total / limit) })
+    const total = await Assignment.countDocuments(query);
+
+    return NextResponse.json({
+      assignments,
+      total,
+      page,
+      pages: Math.ceil(total / limit),
+    });
   } catch (error) {
     if (error instanceof Error) {
-      console.error('GET /api/assignments error:', error.message)
+      console.error("GET /api/assignments error:", error.message);
     }
-    return NextResponse.json({ error: error instanceof Error ? error.stack : 'Internal server error' }, { status: 500 })
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 },
+    );
   }
 }
 
 export async function POST(req: NextRequest) {
-  const { userId } = await auth()
-  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const { userId } = await auth();
+  if (!userId)
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 
   try {
-    await connectDB()
-    
-    let body
+    await connectDB();
+
+    let body;
     try {
-      body = await req.json()
+      body = await req.json();
     } catch {
-      return NextResponse.json({ error: 'Invalid JSON in request body' }, { status: 400 })
+      return NextResponse.json(
+        { error: "Invalid JSON in request body" },
+        { status: 400 },
+      );
     }
-
-    const parsed = AssignmentSchema.safeParse(body)
-    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+
+    const parsed = AssignmentSchema.safeParse(body);
+    if (!parsed.success)
+      return NextResponse.json(
+        { error: parsed.error.flatten() },
+        { status: 400 },
+      );
 
     try {
-      const assignment = await Assignment.create({ ...parsed.data, teacherId: userId })
-      return NextResponse.json(assignment, { status: 201 })
+      const assignment = await Assignment.create({
+        ...parsed.data,
+        teacherId: userId,
+      });
+      return NextResponse.json(assignment, { status: 201 });
     } catch (dbError) {
       if (dbError instanceof Error) {
-        console.error('Assignment.create error:', dbError.message)
+        console.error("Assignment.create error:", dbError.message);
       }
-      return NextResponse.json({ error: 'Failed to create assignment' }, { status: 500 })
+      return NextResponse.json(
+        { error: "Failed to create assignment" },
+        { status: 500 },
+      );
     }
   } catch (error) {
     if (error instanceof Error) {
-      console.error('POST /api/assignments error:', error.message)
+      console.error("POST /api/assignments error:", error.message);
     }
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 },
+    );
   }
 }