feat: implement separate login flows for staff and students (AP-15)#4
Merged
AlexVOiceover merged 10 commits intomainfrom Dec 26, 2025
Merged
Conversation
- Add session.ts with getSession/setSession/clearSession utilities - Move route protection from page-level to hooks.server.ts - Protect /admin/* (staff only) and /checkin (any auth) - Simplify admin page.server.ts (hooks handle protection) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create /login page with magic link form - Update verify endpoint to use session helper and support redirect param - Update logout endpoint to use session helper - Update login endpoint to pass redirect param to magic link - Add login/admin links to home page - Document route protection in report.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add findStaffByEmail() - checks Staff table only - Add findApprenticeByEmail() - checks Apprentices table only - Mark findUserByEmail as deprecated - Prep for separate staff/student login endpoints 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- POST /api/auth/staff/login - Checks Staff table only via findStaffByEmail() - Returns 401 if email not in staff directory - Generates magic link with type: 'staff' 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- POST /api/auth/student/login - Checks Apprentices table only via findApprenticeByEmail() - Returns 401 if email not found - Generates magic link with type: 'student' 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create /admin/login page for staff authentication - POST to /api/auth/staff/login - Default redirect to /admin after login 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- POST to /api/auth/student/login - Update title and heading to "Student Login" - Update help text for students 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Exclude /admin/login from admin route protection - Redirect unauthenticated admin access to /admin/login - Define AUTH_ROUTES for both login pages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replaced by separate /api/auth/staff/login and /api/auth/student/login 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- hooks.server.spec.ts: 11 tests for admin/protected/login redirects - staff/login/server.spec.ts: 3 tests for staff login endpoint - student/login/server.spec.ts: 3 tests for student login endpoint 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/loginfor students,/admin/loginfor staff/api/auth/student/loginand/api/auth/staff/loginfindStaffByEmail()andfindApprenticeByEmail()Changes
findUserByEmailinto separate staff/apprentice functions/admin/loginpage +/api/auth/staff/loginendpoint/loginpage +/api/auth/student/loginendpointTest plan
npm run test- 28 tests passnpm run lint- passes/admin/login/login/admin/login/adminRelated
Closes AP-15