Fe be/notifications

[Dmytro-Doronin]

Added notification flow

[Copilot]

Pull request overview

Adds an end-to-end notifications flow: backend persistence + REST API + realtime socket emits, and a client-side notification feed with dropdown UI and “return-to” login redirects.

Changes:

• Backend: introduce notification schema/repositories/service/controller/routes and emit notifications on chat messages + appointment status changes.
• Client: add Zustand notification feed store, React Query hooks/mutations, realtime socket listener, and dropdown UI in headers/control panel.
• Auth UX: preserve intended destination via returnTo through sign-in modal and login flows.

Reviewed changes

Copilot reviewed 42 out of 42 changed files in this pull request and generated 16 comments.

Show a summary per file

File	Description
server/src/types/notifications/notifications.types.ts	Defines server-side notification creation input types.
server/src/socket/socket.server.ts	Emits notification:new on chat messages via NotificationService.
server/src/services/notifications/notifications.service.ts	Adds NotificationService facade over command/query repos.
server/src/services/chat/chat.service.ts	Enriches sendMessage result with sender info for notifications.
server/src/routes/notificationsRoute.ts	Adds /api/notifications endpoints (get, mark read, delete read).
server/src/repositories/queryRepositories/notifications.query.ts	Implements querying notifications by user.
server/src/repositories/commandRepositories/notifications.command.ts	Implements create/mark read/delete read operations.
server/src/db/schemes/notification.schema.ts	Adds Mongoose schema/model for notifications.
server/src/controllers/notification.controller.ts	Adds REST controller for notifications operations.
server/src/controllers/auth.controller.ts	Modifies refresh cookie options (secure flag changed).
server/src/controllers/appointment.controller.ts	Emits appointment status notifications to students.
server/src/composition/compositionRoot.ts	Registers notification DI bindings.
server/src/composition/composition.types.ts	Adds notification DI symbols.
server/src/app.ts	Mounts /api/notifications router.
client/src/types/notificationFeed.types.ts	Adds client notification types (currently appears unused).
client/src/styles/theme.css	Adds --color-danger-100.
client/src/store/notificationFeed.store.ts	Adds Zustand store for notification feed + local mark-read.
client/src/store/modals.store.ts	Extends signIn modal payload with optional returnTo.
client/src/router/authRedirect.ts	Adds helper to navigate to login with returnTo state.
client/src/pages/loginPage/LoginPage.tsx	Reads returnTo and passes it into login mutation for redirect.
client/src/layouts/RootLayout.tsx	Hydrates notifications and registers realtime listener.
client/src/hooks/useNotificationsRealtime.ts	Listens for notification:new and appends to store.
client/src/hooks/useHydrateNotifications.tsx	Fetches notifications and hydrates store.
client/src/features/queryKeys.ts	Adds notificationKeys.
client/src/features/notifications/query/useQueryNotifications.ts	Adds notifications query hook.
client/src/features/notifications/mutation/useMutationsNotifications.tsx	Adds “mark all as read” mutation hook.
client/src/features/notifications/mutation/useMarkOneNotificationAsRead.tsx	Adds “mark one as read” mutation hook.
client/src/features/notifications/mutation/useDeleteAllReadNotifications.ts	Adds “delete all read” mutation hook.
client/src/features/auth/mutations/useLoginMutation.ts	Redirects to returnTo after login.
client/src/features/auth/mutations/useGoogleMutation.ts	Redirects to returnTo after Google auth.
client/src/components/ui/button/GoogleAuthButton.tsx	Passes returnTo into Google auth mutation.
client/src/components/ui/badge/Badge.tsx	Adds Badge UI component.
client/src/components/teacherSection/teacherSchedule/TeacherSchedule.tsx	Opens sign-in modal with returnTo when unauthenticated.
client/src/components/notificationBar/NotificationBar.tsx	Adds bell button + dropdown menu wrapper.
client/src/components/modalHost/modalHost.tsx	Passes returnTo payload to SignInConfirmation modal.
client/src/components/icons/Bell.tsx	Adds bell SVG icon.
client/src/components/headerPrivate/TopBar.tsx	Adds notifications dropdown to private top bar.
client/src/components/controlPanel/IndicatorTrigger.tsx	Adds notifications dropdown to control panel header.
client/src/components/controlPanel/ControlPanelTrigger.tsx	Minor import/text cleanup.
client/src/components/auth/signInConfirmation/SignInConfirmation.tsx	Navigates to login with returnTo state.
client/src/components/DropdownNotificationsMenu/DropdownNotificationsMenu.tsx	Implements notifications dropdown UI + mark-read/clear-read actions.
client/src/api/notifications/notifications.api.ts	Adds client API calls for notifications endpoints.

Comments suppressed due to low confidence (3)

server/src/controllers/auth.controller.ts:100

• Refresh token cookies are being set with secure: false unconditionally. This disables the Secure attribute even in production, which allows cookies to be sent over HTTP and increases the risk of token theft. Restore an environment-based condition (e.g., process.env.NODE_ENV === "production") or otherwise ensure secure is true when served over HTTPS.
  server/src/controllers/auth.controller.ts:285
• Refresh token cookie is set with secure: false in Google auth flow. In production this should be secure: true (or conditional) to prevent sending the refresh token over HTTP.
  server/src/controllers/auth.controller.ts:319
• Refresh token cookie is set with secure: false in Google login flow. This should be conditional (or true in production) so the refresh token cookie is only sent over HTTPS.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.