From aabcea3aeb9c1ac4d127a18fc0acc4fa5ad73f32 Mon Sep 17 00:00:00 2001
From: DrMesta103 <ceo@sepand.company>
Date: Fri, 12 Jun 2026 10:53:14 +0330
Subject: [PATCH] fix: JSON parsing for user roles and offline counting sync

---
 src/app/api/auth/login/route.js                 | 7 ++++++-
 src/app/api/auth/webauthn/login/verify/route.js | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/app/api/auth/login/route.js b/src/app/api/auth/login/route.js
index d9d0a9b..f0ca1ed 100644
--- a/src/app/api/auth/login/route.js
+++ b/src/app/api/auth/login/route.js
@@ -24,7 +24,12 @@ export async function POST(req) {
       return Response.json({ error: 'رمز عبور اشتباه است.' }, { status: 401 });
     }
 
-    let userRoles = Array.isArray(user.roles) ? user.roles : (user.role === 'ADMIN' ? ['ADMIN'] : ['COUNTER']);
+    let parsedRoles = user.roles;
+    if (typeof parsedRoles === 'string') {
+      try { parsedRoles = JSON.parse(parsedRoles); } catch (e) { parsedRoles = null; }
+    }
+    
+    let userRoles = Array.isArray(parsedRoles) ? parsedRoles : (user.role === 'ADMIN' ? ['ADMIN'] : ['COUNTER']);
 
     const token = signToken({ id: user.id, username: user.username, name: user.name, orgId: user.orgId, roles: userRoles, role: user.role });
 
diff --git a/src/app/api/auth/webauthn/login/verify/route.js b/src/app/api/auth/webauthn/login/verify/route.js
index 1060195..101dd3e 100644
--- a/src/app/api/auth/webauthn/login/verify/route.js
+++ b/src/app/api/auth/webauthn/login/verify/route.js
@@ -41,7 +41,12 @@ export async function POST(req) {
         where: { id: authenticator.id },
         data: { counter: BigInt(verification.authenticationInfo.newCounter) }
       });
-      let userRoles = Array.isArray(user.roles) ? user.roles : (user.role === 'ADMIN' ? ['ADMIN'] : ['COUNTER']);
+      let parsedRoles = user.roles;
+    if (typeof parsedRoles === 'string') {
+      try { parsedRoles = JSON.parse(parsedRoles); } catch (e) { parsedRoles = null; }
+    }
+    
+    let userRoles = Array.isArray(parsedRoles) ? parsedRoles : (user.role === 'ADMIN' ? ['ADMIN'] : ['COUNTER']);
       const token = signToken({ id: user.id, username: user.username, name: user.name, roles: userRoles, role: user.role });
       return NextResponse.json({ verified: true, token, user: { id: user.id, name: user.name, roles: userRoles, role: user.role } });
     }