Merge branch 'master' into beta-new

dr3 · web-flow · commit 51ee45678c2a · 2025-09-26T16:43:03.000+01:00
diff --git a/functions/utilities/privacy/debugRouter.js b/functions/utilities/privacy/debugRouter.js
@@ -15,10 +15,11 @@ const {
   acceptedByKey,
   variantModeKey,
   latestTouchKey,
+  ageSetKey
 } = require("./privacyKeys");
-
-// /api/privacy/student/ultra-secret/view (GET)
-// /api/privacy/student/ultra-secret/reset (POST)
+const {
+  getGuardianEmails
+} = require("../getTypeSafeUser");
 
 const userDB = firebase.firestore().collection("users");
 
@@ -39,6 +40,7 @@ const getViewData = (req) => {
     acceptedByKey,
     variantModeKey,
     latestTouchKey,
+    ageSetKey,
     "birthMonth",
     "birthYear",
   ];
@@ -49,6 +51,7 @@ const getViewData = (req) => {
     data[key] = req.user[key] || null;
   });
 
+  data.guardianEmails = getGuardianEmails(req.user) || [];
   data.privacyState = req.user.privacy || null;
   data.isUnderThirteen = isUnderThirteen(req.user);
 
@@ -79,8 +82,8 @@ router.post("/reset", studentMiddleware, async (req, res) => {
     [acceptedByKey]: req.body.acceptedByKey || null,
     [variantModeKey]: req.body.variantMode || null,
     [latestTouchKey]: req.body.latestTouch || null,
-    birthMonth: req.body.birthMonth || "1",
-    birthYear: req.body.birthYear || "2025",
+    birthMonth: req.body.birthMonth || null,
+    birthYear: req.body.birthYear || null,
   };
 
   if (req.body.emails) {
diff --git a/functions/utilities/privacy/privacyKeys.js b/functions/utilities/privacy/privacyKeys.js
@@ -16,6 +16,7 @@ const guardianPrivacyAuthTokenKey = "guardianPrivacyAuthToken";
 const acceptedKey = `${latestPrivacyVersion}-accepted`;
 const acceptedByKey = `${latestPrivacyVersion}-acceptedBy`;
 const variantModeKey = `${latestPrivacyVersion}-variant`;
+const ageSetKey = `${latestPrivacyVersion}-ageSet`;
 
 module.exports = {
   firstSeenKey,
@@ -26,4 +27,5 @@ module.exports = {
   acceptedKey,
   acceptedByKey,
   variantModeKey,
+  ageSetKey
 };
diff --git a/functions/utilities/privacy/router.js b/functions/utilities/privacy/router.js
@@ -12,7 +12,8 @@ const {
   guardianPrivacyAuthTokenKey,
   acceptedKey,
   acceptedByKey,
-  latestTouchKey
+  latestTouchKey,
+  ageSetKey
 } = require("./privacyKeys");
 const debugRouter = require("./debugRouter");
 const {
@@ -175,6 +176,47 @@ router.post("/student/update", studentMiddleware, async (req, res) => {
   }
 });
 
+router.post("/student/update-age", studentMiddleware, async (req, res) => {
+  try {
+    const month = req.body.month;
+    const year = req.body.year;
+
+    if (
+      typeof month !== "number" ||
+      month < 1 ||
+      month > 12 ||
+      typeof year !== "number" ||
+      year < 1900 ||
+      year > new Date().getFullYear()
+    ) {
+      return res.status(200).send({
+        success: false,
+        error: "Invalid month or year",
+        data: null,
+      });
+    }
+
+    const updateBody = {
+      birthMonth: String(month),
+      birthYear: String(year),
+      [ageSetKey]: Date.now(),
+    };
+
+    await userDB.doc(req.user.uid).update(updateBody);
+
+    return res
+      .status(200)
+      .send({ success: true, data: updateBody, error: null });
+  } catch (e) {
+    console.error("Failed to update age", req.user.uid, e);
+    return res.status(200).send({
+      success: false,
+      error: "Failed to update age",
+      data: null,
+    });
+  }
+});
+
 router.get("/student/accept", studentMiddleware, async (req, res) => {
   try {
     const updateBody = {
diff --git a/functions/utilities/privacy/utils.js b/functions/utilities/privacy/utils.js
@@ -75,13 +75,42 @@ const shouldRetryPopup = (lastTouched, isUnder13, guardianEmails) => {
   }
 }
 
+const hasValidAge = (email, user) => {
+  try {
+    if (!email.includes("@mcmill.co.uk")) return true; // only enforce for test accounts for now
+    if (user.code) return true; // assume teachers are valid
+
+    const birthYear = getCleanNumber(user?.birthYear);
+    const birthMonth = getCleanNumber(user?.birthMonth);
+
+    if (!birthYear || !birthMonth) return false;
+    if (birthYear < 1900 || birthYear > new Date().getFullYear()) return false;
+    if (birthMonth < 1 || birthMonth > 12) return false;
+
+    return true;
+  } catch {
+    return true; // fail safe
+  }
+}
+
 const getPrivacyState = (email, user) => {
   const isUnder13 = isUnderThirteen(user);
   const variant = getPrivacyVariant(user);
   const guardianEmails = getGuardianEmails(user);
+  const validAge = hasValidAge(email, user);
 
   const useUnder13 = isUnder13 && variant !== 'year8webinar'
 
+  if (!validAge) {
+    // User has invalid age data
+    return {
+      debug: 1,
+      visible: true,
+      mode: "update-age",
+      variant
+    };
+  }
+
   if (user[acceptedKey]) {
     // User has already accepted
     return {
diff --git a/scripts/privacy-reset-bulk.js b/scripts/privacy-reset-bulk.js
@@ -0,0 +1,53 @@
+const fs = require('fs');
+const path = require('path');
+const fb = require('firebase-admin');
+const downloadUsers = require('./utils/downloadUsers');
+const {
+  firstSeenKey,
+  latestTouchKey,
+  dueByKey,
+  userNeedsGuardianTouchKey,
+  guardianPrivacyAuthTokenKey,
+  acceptedKey,
+  acceptedByKey,
+  variantModeKey,
+  ageSetKey
+} = require('../functions/utilities/privacy/privacyKeys');
+const { getGuardianEmails } = require('../functions/utilities/getTypeSafeUser');
+
+const userDb = fb.firestore().collection('users');
+
+const dry = true;
+
+const run = async () => {
+  let users = await downloadUsers();
+  const file = path.join(__dirname, `../private/tmp-users.json`);
+  const accounts = JSON.parse(fs.readFileSync(file)).users;
+
+  for (let a of accounts) {
+    const u = users[a.localId];
+    if (!u) continue;
+
+    const emails = getGuardianEmails(u);
+
+    if (u[userNeedsGuardianTouchKey] && !emails.length) {
+      console.log('Resetting privacy touch for user without guardian email:', a.localId);
+
+      if (!dry) {
+        await userDb.doc(a.localId).set({
+        [firstSeenKey]: fb.firestore.FieldValue.delete(),
+        [latestTouchKey]: fb.firestore.FieldValue.delete(),
+        [dueByKey]: fb.firestore.FieldValue.delete(),
+        [userNeedsGuardianTouchKey]: fb.firestore.FieldValue.delete(),
+        [guardianPrivacyAuthTokenKey]: fb.firestore.FieldValue.delete(),
+        [acceptedKey]: fb.firestore.FieldValue.delete(),
+        [acceptedByKey]: fb.firestore.FieldValue.delete(),
+        [variantModeKey]: fb.firestore.FieldValue.delete(),
+        [ageSetKey]: fb.firestore.FieldValue.delete(),
+      }, {merge: true});
+      }
+    }
+  }
+}
+
+run();
diff --git a/scripts/privacy-reset.js b/scripts/privacy-reset.js
@@ -11,6 +11,7 @@ const {
   acceptedKey,
   acceptedByKey,
   variantModeKey,
+  ageSetKey
 } = require('../functions/utilities/privacy/privacyKeys');
 
 // ---------------------
@@ -51,6 +52,7 @@ const run = async () => {
     [acceptedKey]: fb.firestore.FieldValue.delete(),
     [acceptedByKey]: fb.firestore.FieldValue.delete(),
     [variantModeKey]: fb.firestore.FieldValue.delete(),
+    [ageSetKey]: fb.firestore.FieldValue.delete(),
    }, {merge: true});
 
   console.log(`User "${email}" privacy data deleted`);
