Development to Main Diff

.claude/CLAUDE.md

@@ -109,6 +109,7 @@ Always reference these instructions first and fallback to search or bash command
 - MariaDB: Configure MARIADB, MARIADBNAME, MARIADBUSER, MARIADBPASSWORD in `.env`
 - TinyPEN API: Configure TINYPEN in `.env`
 - Default configurations in `config.env` point to localhost development services
+- MongoDB Collections: TPENPROJECTS, TPENGROUPS, TPENUSERS, TPENCOLUMNS (configured in `config.env`)
 
 ### Development Workflow
 1. Always start with: `cp .env.development .env && npm install`
@@ -151,6 +152,12 @@ Required for database functionality:
 - `MARIADB` (MariaDB host)
 - `MARIADBNAME`, `MARIADBUSER`, `MARIADBPASSWORD` (MariaDB credentials)
 
+MongoDB collection names (configured in `config.env`):
+- `TPENPROJECTS` (default: projects) - Project documents collection
+- `TPENGROUPS` (default: groups) - User groups collection
+- `TPENUSERS` (default: users) - User profiles collection
+- `TPENCOLUMNS` (default: columns) - Column annotations collection
+
 Required for authentication:
 - `AUDIENCE` (Auth0 audience)
 - `DOMAIN` (Auth0 domain)

.github/copilot-instructions.md

@@ -136,6 +136,7 @@ This allows developers to work immediately with sensible defaults while keeping
 - MariaDB: Configure MARIADB, MARIADBNAME, MARIADBUSER, MARIADBPASSWORD in `.env`
 - TinyPEN API: Configure TINYPEN in `.env`
 - Default configurations in `config.env` point to localhost development services
+- MongoDB Collections: TPENPROJECTS, TPENGROUPS, TPENUSERS, TPENCOLUMNS (configured in `config.env`)
 
 ### Development Workflow
 
@@ -181,6 +182,13 @@ Required for database functionality:
 - `MARIADB` (MariaDB host)
 - `MARIADBNAME`, `MARIADBUSER`, `MARIADBPASSWORD` (MariaDB credentials)
 
+MongoDB collection names (configured in `config.env`):
+
+- `TPENPROJECTS` (default: projects) - Project documents collection
+- `TPENGROUPS` (default: groups) - User groups collection
+- `TPENUSERS` (default: users) - User profiles collection
+- `TPENCOLUMNS` (default: columns) - Column annotations collection
+
 Required for authentication:
 
 - `AUDIENCE` (Auth0 audience)

.github/workflows/cd_dev.yaml

@@ -40,7 +40,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "^22.20.0"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:

.github/workflows/cd_prod.yaml

@@ -40,7 +40,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "^22.20.0"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:

.github/workflows/ci_dev.yaml

@@ -34,7 +34,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "^22.20.0"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:

.github/workflows/ci_prod.yaml

@@ -34,7 +34,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "^22.20.0"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:

.github/workflows/test_pushes.yaml

@@ -52,7 +52,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "^22.20.0"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:

API.md

@@ -248,20 +248,35 @@ Users can always see and manipulate their own profile. The profile object is a p
 - **Description**: Retrieve a list of projects the authenticated user is a member of.
 - **Responses**:
 
-    - **200**: Projects found
+    - **200**: Projects found (or empty list if user has no projects)
         ```json
-        [
-            {
-                "_id": "hexstring",
-                "label": "string",
-                "roles": ["string"]
-            }, ...
-        ]
+        {
+            "metrics": {
+                "newest": "project:hexstring/page:hexstring",
+                "lastModified": "project:hexstring/page:hexstring",
+                "myRecent": "hexstring"
+            },
+            "projects": [
+                {
+                    "_id": "hexstring",
+                    "label": "string",
+                    "roles": ["string"]
+                }, ...
+            ]
+        }
+        ```
+
+        When the user has no projects, returns:
+        ```json
+        {
+            "metrics": null,
+            "projects": []
+        }
         ```
     - **401**: Unauthorized
     - **500**: Server error
 
-The response is a list of projects the user is a member of regardless of the permissions afforded to them in each project.
+The response includes a list of projects the user is a member of regardless of the permissions afforded to them in each project, along with metrics about the newest and most recently modified projects.
 
 #### `GET /user/:id`
 
@@ -406,3 +421,65 @@ Note that you may not empty the canvases of an existing layer.  If the `canvases
         }
         ```
     - **500**: Server error
+
+#### `GET /project/:projectId/page/:pageid/resolved`
+
+- **Description**: Get a fully resolved page with complete annotation data from RERUM. This endpoint resolves all annotation references in the page's items array by fetching the full annotation objects from RERUM which will include the Annotation body.
+- **Parameters**:
+  - `projectId`: ID of the project.
+  - `pageId`: The ID of the page.
+
+- **Responses**:
+
+    - **200**: Page found with fully resolved annotations
+        ```json
+        {
+            "@context": "http://www.w3.org/ns/anno.jsonld",
+            "id": "string",
+            "type": "AnnotationPage",
+            "label": {
+                "none":[
+                    "TPEN3 Page"
+                ]
+            },
+            "target": "string",
+            "items": [
+                {
+                    "@context": "http://iiif.io/api/presentation/3/context.json",
+                    "id": "string",
+                    "type": "Annotation",
+                    "motivation": "transcribing",
+                    "target": {
+                        "source": "string",
+                        "type": "SpecificResource",
+                        "selector": {
+                            "type": "FragmentSelector",
+                            "value": "string"
+                        }
+                    },
+                    "creator": "string",
+                    "body": {
+                        "type": "TextualBody",
+                        "value": "string",
+                        "format": "text/plain"
+                    },
+                    "_createdAt": "timestamp",
+                    "_modifiedAt": "timestamp",
+                    "__rerum": {
+                        "@context": "http://store.rerum.io/v1/context.json",
+                        "createdAt": "timestamp",
+                        "isOverwritten": "string"
+                    }
+                }
+            ],
+            "partOf": [{"type":"Collection"}],
+            "prev": "string",
+            "next": "string",
+            "_createdAt": "timestamp",
+            "_modifiedAt": "timestamp"
+        }
+        ```
+    - **404**: Page not found
+    - **500**: Server error
+
+**Note**: This endpoint is useful when you need complete annotation data in a single request instead of making multiple API calls to fetch individual annotations from RERUM. The annotations are resolved in parallel for better performance.

README.md

@@ -99,4 +99,3 @@ For production deployments:
 4. Never commit production secrets to the repository
 
 See [CONFIG.md](./CONFIG.md) for detailed deployment instructions.
-

__tests__/mount.test.js

@@ -191,6 +191,10 @@ describe('Check to see that all expected route patterns exist. #exists_unit', ()
     it('GET /project/:projectId/collaborator/:collaboratorId/decline -- decline project invitation', () => {
       expect(routeExists('/:projectId/collaborator/:collaboratorId/decline', 'get')).toBe(true)
     })
+
+    it('POST /project/:projectId/leave -- member leave project', () => {
+      expect(routeExists('/:id/leave', 'post')).toBe(true)
+    })
   })
 
   describe('Project custom roles routes', () => {

app.js

@@ -21,6 +21,8 @@ import userProfileRouter from './userProfile/index.js'
 import privateProfileRouter from './userProfile/privateProfile.js'
 import proxyRouter from './utilities/proxy.js'
 import feedbackRouter from './feedback/feedbackRoutes.js'
+import routeErrorHandler from './utilities/routeErrorHandler.js'
+import { respondWithError } from './utilities/shared.js'
 
 let app = express()
 
@@ -65,10 +67,11 @@ app.use(express.static(path.join(__dirname, 'public')))
  */
 app.all('*_', (req, res, next) => {
   if (process.env.DOWN === 'true') {
-    return res.status(503).json({
-      message:
-        'TPEN3 services are down for updates or maintenance at this time.  We apologize for the inconvenience.  Try again later.'
-    })
+    return respondWithError(
+      res,
+      503,
+      'TPEN3 services are down for updates or maintenance at this time.  We apologize for the inconvenience.  Try again later.'
+    )
   }
   next()
 })
@@ -82,9 +85,12 @@ app.use('/my', privateProfileRouter)
 app.use('/proxy', proxyRouter)
 app.use('/beta', feedbackRouter)
 
+// Centralized error handling middleware
+app.use(routeErrorHandler)
+
 //catch 404 because of an invalid site path
 app.use('*_', (req, res) => {
-  res.status(404).json({ message: res.statusMessage ?? 'This page does not exist' })
+  return respondWithError(res, 404, res.statusMessage ?? 'This page does not exist')
 })
 
 export { app as default }

auth/index.js

@@ -1,7 +1,5 @@
 import { auth } from "express-oauth2-jwt-bearer"
-import { extractToken, extractUser, isTokenExpired } from "../utilities/token.js"
 import User from "../classes/User/User.js"
-
 /**
  * This function verifies authorization tokens using Auth0 library. to protect a route using this function in a different component:
   1. import the function in that component
@@ -17,7 +15,7 @@ function auth0Middleware() {
     issuerBaseURL: `https://${process.env.DOMAIN}/`,
   })
 
-  // Extract user from the token and set req.user. req.user can be set to specific info from the payload, like sib, roles, etc.
+  // Extract user from the token and set req.user. req.user can be set to specific info from the payload, like sub, roles, etc.
   async function setUser(req, res, next) {
     const { payload } = req.auth
 
@@ -32,24 +30,67 @@ function auth0Middleware() {
     try {
       const uid = agent.split("id/")[1]
       const user = new User(uid)
-      user.getSelf().then(async (u) => {
-        if(!u || !u?.profile) {
+      const u = await user.getSelf()
+      if(!u || !u?.profile) {
+        const email = payload.name
+
+        // Check if a temporary user exists with this email
+        let existingUser = null
+        try {
+          existingUser = await user.getByEmail(email)
+        } catch (err) {
+          // No user found - that's fine, continue
+        }
+
+        if (existingUser && existingUser.inviteCode) {
+          // Found a temporary user - merge their memberships into this new user
           user.data = {
             _id: uid,
             agent,
             _sub: payload.sub,
-            email: payload.name,
+            email: email,
             profile: { displayName: payload.nickname },
           }
-          user.save()
+          await user.mergeFromTemporaryUser(existingUser)
+          await user.save()
+          req.user = user
+          next()
+          return
+        } else if (existingUser) {
+          // Non-temporary user with same email - this is a conflict
+          const err = new Error(`User with email ${email} already exists. Please contact TPEN3 administrators for assistance.`)
+          err.status = 409
+          next(err)
+          return
+        } else {
+          // No existing user - create new
+          user.data = {
+            _id: uid,
+            agent,
+            _sub: payload.sub,
+            email: email,
+            profile: { displayName: payload.nickname },
+          }
+          await user.save()
           req.user = user
           next()
           return
         }
-        req.user = u
-        next()
-        return
-      })
+      }
+       // Ensure no inviteCode on authenticated user
+      delete u.inviteCode
+
+      // If user exists but has wrong _sub (e.g., from temp user), update it
+      if (u._sub !== payload.sub) {
+        u._sub = payload.sub
+        const userObj = new User(uid)
+        userObj.data = u
+        await userObj.update()
+      }
+
+      req.user = u
+      next()
+      return
     } catch (error) {
       next(error)
     }