JavaScript-Mastery-Pro · Tiin0 · Apr 19, 2026 · Apr 19, 2026 · Apr 19, 2026 · coderabbitai
diff --git a/app/api/grades/route.ts b/app/api/grades/route.ts
@@ -48,7 +48,7 @@ export async function GET(req: NextRequest) {
     return NextResponse.json(grades)
   } catch (error) {
     console.error('GET /api/grades error:', error instanceof Error ? error.message : error)
-    return NextResponse.json({ error: error instanceof Error ? error.stack : 'Internal server error' }, { status: 500 })
+    return NextResponse.json({ error:'Internal server error' }, { status: 500 })
   }
 }
 
@@ -67,13 +67,13 @@ export async function POST(req: NextRequest) {
     }
 
     const parsed = GradeSchema.safeParse(body)
-    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+    if (!parsed.success) return NextResponse.json({ error: parsed.error }, { status: 400 })
-    const parsed = GradeSchema.safeParse(body)
-    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
-    if (!parsed.success) return NextResponse.json({ error: parsed.error }, { status: 400 })
+    const parsed = GradeSchema.safeParse(body)
+    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
-    const parsed = GradeSchema.safeParse(body)
-    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
-    if (!parsed.success) return NextResponse.json({ error: parsed.error }, { status: 400 })
+    const parsed = GradeSchema.safeParse(body)
+    if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
 
     const data = parsed.data
     const max = data.maxMarks!
-    const term = data.term ?? 'Term 1'
-    
-    const grade = Grade.findOneAndUpdate(
+    const term = data.term ?? 'Term 1'    
+
+    const grade = await Grade.findOneAndUpdate(
       { teacherId: userId, studentId: data.studentId, subject: data.subject, term },
       { $set: { ...data, term, teacherId: userId, grade: calcGrade(data.marks, max) } },
       { upsert: true, new: true }
@@ -83,6 +83,6 @@ export async function POST(req: NextRequest) {
     if (error instanceof Error) {
       console.error('POST /api/grades error:', error.message)
     }
-    return NextResponse.json({ error: error instanceof Error ? error.stack : 'Internal server error' }, { status: 500 })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }
diff --git a/app/api/profile/route.ts b/app/api/profile/route.ts
@@ -7,32 +7,40 @@ export async function GET(req: NextRequest) {
   const { searchParams } = new URL(req.url)
   const queryUserId = searchParams.get('userId')
 
-  let userId: string | null = queryUserId
+  // 1. Identificazione utente
+  const session = await auth()
+  const userId = queryUserId || session?.userId
+
   if (!userId) {
-    const session = await auth()
-    userId = session.userId
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  // 1. Identificazione utente
-  const session = await auth()
-  const userId = queryUserId || session?.userId
-
-  if (!userId) {
-    const session = await auth()
-    userId = session.userId
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  // 1. Identificazione utente
+  const { userId: sessionUserId } = await auth()
+
+  if (!sessionUserId) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  if (queryUserId && queryUserId !== sessionUserId) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const userId = queryUserId ?? sessionUserId
-  // 1. Identificazione utente
-  const session = await auth()
-  const userId = queryUserId || session?.userId
-
-  if (!userId) {
-    const session = await auth()
-    userId = session.userId
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  // 1. Identificazione utente
+  const { userId: sessionUserId } = await auth()
+
+  if (!sessionUserId) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  if (queryUserId && queryUserId !== sessionUserId) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const userId = queryUserId ?? sessionUserId
   }
-  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
 
   try {
     await connectDB()
+
     let teacher = await Teacher.findOne({ clerkId: userId }).lean()
 
     if (!teacher) {
       const clerkUser = await currentUser()
-      const created = await Teacher.create({
+
+      if (!clerkUser) {
+        return NextResponse.json({ error: 'User data not found' }, { status: 404 })
+      }
+
+      const newTeacher = await Teacher.create({
         clerkId: userId,
-        name: clerkUser?.fullName ?? '',
-        email: clerkUser?.emailAddresses[0]?.emailAddress ?? '',
+        name: `${clerkUser.firstName ?? ''} ${clerkUser.lastName ?? ''}`.trim() || 'Anonymous',
+        email: clerkUser.emailAddresses[0]?.emailAddress ?? '',
         department: '',
         subjects: [],
       })
-      teacher = created.toObject()
+
+      teacher = JSON.parse(JSON.stringify(newTeacher))
-    let teacher = await Teacher.findOne({ clerkId: userId }).lean()
-
-    if (!teacher) {
-      const clerkUser = await currentUser()
-      const created = await Teacher.create({
-      
-      if (!clerkUser) {
-        return NextResponse.json({ error: 'User data not found' }, { status: 404 })
-      }
-
-      const newTeacher = await Teacher.create({
-        clerkId: userId,
-        name: clerkUser?.fullName ?? '',
-        email: clerkUser?.emailAddresses[0]?.emailAddress ?? '',
-        name: `${clerkUser.firstName ?? ''} ${clerkUser.lastName ?? ''}`.trim() || 'Anonymous',
-        email: clerkUser.emailAddresses[0]?.emailAddress ?? '',
-        department: '',
-        subjects: [],
-      })
-      teacher = created.toObject()
-      
-      teacher = JSON.parse(JSON.stringify(newTeacher))
+    let teacher = await Teacher.findOne({ clerkId: userId }).lean()
+
+    if (!teacher) {
+      const clerkUser = await currentUser()
+      
+      if (!clerkUser) {
+        return NextResponse.json({ error: 'User data not found' }, { status: 404 })
+      }
+
+      teacher = await Teacher.findOneAndUpdate(
+        { clerkId: userId },
+        {
+          $setOnInsert: {
+            clerkId: userId,
+            name: `${clerkUser.firstName ?? ''} ${clerkUser.lastName ?? ''}`.trim() || 'Anonymous',
+            email: clerkUser.emailAddresses[0]?.emailAddress ?? '',
+            department: '',
+            subjects: [],
+          },
+        },
+        { new: true, upsert: true, setDefaultsOnInsert: true },
+      ).lean()
-    let teacher = await Teacher.findOne({ clerkId: userId }).lean()
-
-    if (!teacher) {
-      const clerkUser = await currentUser()
-      const created = await Teacher.create({
-      
-      if (!clerkUser) {
-        return NextResponse.json({ error: 'User data not found' }, { status: 404 })
-      }
-
-      const newTeacher = await Teacher.create({
-        clerkId: userId,
-        name: clerkUser?.fullName ?? '',
-        email: clerkUser?.emailAddresses[0]?.emailAddress ?? '',
-        name: `${clerkUser.firstName ?? ''} ${clerkUser.lastName ?? ''}`.trim() || 'Anonymous',
-        email: clerkUser.emailAddresses[0]?.emailAddress ?? '',
-        department: '',
-        subjects: [],
-      })
-      teacher = created.toObject()
-      
-      teacher = JSON.parse(JSON.stringify(newTeacher))
+    let teacher = await Teacher.findOne({ clerkId: userId }).lean()
+
+    if (!teacher) {
+      const clerkUser = await currentUser()
+      
+      if (!clerkUser) {
+        return NextResponse.json({ error: 'User data not found' }, { status: 404 })
+      }
+
+      teacher = await Teacher.findOneAndUpdate(
+        { clerkId: userId },
+        {
+          $setOnInsert: {
+            clerkId: userId,
+            name: `${clerkUser.firstName ?? ''} ${clerkUser.lastName ?? ''}`.trim() || 'Anonymous',
+            email: clerkUser.emailAddresses[0]?.emailAddress ?? '',
+            department: '',
+            subjects: [],
+          },
+        },
+        { new: true, upsert: true, setDefaultsOnInsert: true },
+      ).lean()
     }
 
     return NextResponse.json(teacher)
   } catch (error) {
-    console.error('GET /api/profile error:', error instanceof Error ? error.message : error)
+    console.error('GET /api/profile error:', error)
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }

diff --git a/app/dashboard/grades/GradesClient.tsx b/app/dashboard/grades/GradesClient.tsx
@@ -208,13 +208,14 @@ export function GradesClient() {
     () =>
       subjects.map((subject) => {
         const sg = gradesBySubject[subject];
-        const avg =
+        let avg =
           sg.length > 0
-            ? Math.round(
-                sg.reduce((s, g) => s + pct(g.marks, g.maxMarks), 0) /
-                  sg.length,
-              )
-            : 0;
+            ? 
+            sg.reduce((s, g) => s + pct(g.marks, g.maxMarks), 0) / sg.length
+            : 0
+
+        avg = Number(avg.toFixed(2));
+
         return {
           subject: subject.length > 10 ? subject.slice(0, 10) + "…" : subject,
           avg,