Pull request overview
This is a comprehensive feature update adding JWT refresh token authentication, Google OAuth, real-time notifications via SignalR, friendship management, reactions system, user settings, and pagination. The PR reorganizes domain entities into namespaces, migrates from single access tokens to access/refresh token pairs, adds new UI components including notification bells and avatar displays, and includes significant mobile app improvements.
Changes:
- Authentication system upgraded with refresh tokens and Google OAuth integration
- Real-time notification system added using SignalR with MediatR event dispatching
- Friendship system and reactions (posts/comments/messages) implemented
- Frontend reorganized with new Settings page, pagination, and improved UI components
Reviewed changes
Copilot reviewed 157 out of 161 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| backend/SocialNetwork.Domain/Entities/* | Reorganized entities into namespaces (Users, Posts, Comments, Chats, Reactions) |
| backend/SocialNetwork.Application/Events/* | Added MediatR event handlers for post/comment creation notifications |
| backend/SocialNetwork.API/Controllers/AuthController.cs | Added refresh token and Google OAuth endpoints |
| backend/SocialNetwork.API/Hubs/NotificationHub.cs | New SignalR hub for real-time notifications |
| frontend/socialnetwork.client/src/hooks/authFetch.js | New hook handling automatic token refresh on 401 |
| frontend/socialnetwork.client/src/pages/Settings.jsx | New settings page for password/email changes |
| frontend/socialnetwork.client/src/components/NotificationBell.jsx | Real-time notification UI component |
| frontend/SocialNetwork.mobile/* | Mobile app updates for improved chat UI and authentication |
Files not reviewed (3)
- backend/SocialNetwork.Infrastructure/Migrations/20251225105208_AddRefreshToken.Designer.cs: Language not supported
- backend/SocialNetwork.Infrastructure/Migrations/20260127124428_AddNotifications.Designer.cs: Language not supported
- backend/SocialNetwork.Infrastructure/Migrations/20260216130431_AddReactions.Designer.cs: Language not supported
| { | ||
| public Task<IEnumerable<Message>> GetMessageByChatIdAsync(Guid chatid); | ||
| public Task<IEnumerable<MessageDto>> GetMessageByChatIdAsync(Guid chatid, CancellationToken cancellationToken = default); | ||
| public Task ToogleReactionAsync(Guid messageId, Guid userId, Guid reactionType, CancellationToken cancellationToken = default); |
Spelling error in method name: "ToogleReactionAsync" should be "ToggleReactionAsync" (double 'g'). This typo is consistent in the interface, service implementation, and controller usage.
| options.HttpMessageHandlerFactory = (messageHandler) => | ||
| { | ||
| if (messageHandler is HttpClientHandler clientHandler) | ||
| { | ||
| clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true; | ||
| return clientHandler; | ||
| } | ||
|
|
||
| return new HttpClientHandler | ||
| { | ||
| ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true | ||
| }; | ||
| }; |
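Review bot: The fallback at the end of the factory (`return new HttpClientHandler { ... }`) discards the `messageHandler` it was given whenever that handler is not an `HttpClientHandler`, and does so only to attach the same accept-all callback. Return `messageHandler` unchanged in that branch, and wrap the callback assignment in `#if DEBUG` or an environment check so release builds keep default certificate validation.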
Security concern: SSL certificate validation is completely disabled for SignalR connections. This makes the connection vulnerable to man-in-the-middle attacks. Remove this override for production or at minimum add environment-based configuration to only disable it in development.
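
One way to keep a development-only exception without accepting every certificate, as an added example (not code from this pull request): the callback is compiled only into DEBUG builds and accepts a failing certificate only when it is the pinned development certificate on the development host. `NotificationConnection`, `DevHost` and `DevCertSha256` are hypothetical names and placeholder values.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.SignalR.Client;

public static class NotificationConnection
{
    // Hypothetical placeholders: the development host name and the SHA-256
    // thumbprint (hex) of the local development certificate.
    private const string DevHost = "localhost";
    private const string DevCertSha256 = "<DEV-CERT-SHA256-THUMBPRINT>";

    public static HubConnection Build(string hubUrl)
    {
        return new HubConnectionBuilder()
            .WithUrl(hubUrl, options =>
            {
#if DEBUG
                // Development builds only: release builds never install a
                // custom callback and keep default certificate validation.
                options.HttpMessageHandlerFactory = handler =>
                {
                    if (handler is HttpClientHandler clientHandler)
                        clientHandler.ServerCertificateCustomValidationCallback = ValidateDevCertificate;
                    return handler; // never replace the supplied handler
                };
#endif
            })
            .Build();
    }

    // Accepts a certificate that already validates, or the single pinned
    // development certificate when presented by the development host.
    private static bool ValidateDevCertificate(
        HttpRequestMessage request, X509Certificate2? cert,
        X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (cert is null || request.RequestUri?.Host != DevHost) return false;

        string thumbprint = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(thumbprint, DevCertSha256, StringComparison.OrdinalIgnoreCase);
    }
}
```
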
| var AreFriends = await _friendshipRepository.AreFriendsAsync(UserId, friendId); | ||
| if (AreFriends) | ||
| throw new Exception("Users are not friends"); |
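Review bot: `throw new Exception(...)` on the last line gives callers no way to tell this rule violation from an unexpected failure except by matching the message text. Throw a specific exception type for the friendship check, and rename the local `AreFriends` to `areFriends` so it does not read like a property.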
Logic error: The condition checks if AreFriends is true and then throws "Users are not friends". This should be if (!AreFriends) to throw when users are NOT friends.
| public Task AcceptFriendRequest(Guid requestId, CancellationToken cancellationToken = default) | ||
| { | ||
| var friendship = _friendshipRepository.GetByIdAsync(requestId); | ||
| if (friendship == null) | ||
| throw new Exception("Friend request not found"); | ||
|
|
||
| if (friendship.Result.Status != FriendshipStatus.Pending) | ||
| throw new Exception("Friend request is not pending"); | ||
|
|
||
| friendship.Result.Status = FriendshipStatus.Accepted; | ||
| return _friendshipRepository.UpdateAsync(friendship.Result); |
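Review bot: The `friendship == null` check on the second line of the body tests the `Task` returned by `GetByIdAsync`, which is never null, so "Friend request not found" cannot be thrown and a missing request fails later with a null reference at `friendship.Result.Status`. Make the method `async`, await the lookup before the null check, and pass `cancellationToken` through, since it is currently unused. The method also takes only `requestId`; if the caller does not already verify that the current user is the recipient of the request, add that check here before setting `FriendshipStatus.Accepted`.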
The Result property is being accessed synchronously on an async operation without await. This should be: var friendship = await _friendshipRepository.GetByIdAsync(requestId, cancellationToken); and then check if null/update status without .Result.
| const [passwordConfirm, setPasswordConfirm] = useState(''); | ||
|
|
||
| const [newEmail, setNewEmail] = useState(''); | ||
| const [Password, setPassword] = useState(''); |
Inconsistent naming: variable name should be lowercase to match the naming convention used for other state variables in this file. The variable Password should be password.
| setError(null); | ||
| try { | ||
| const res = await fetch(`${API_BASE}/api/Auth/register`, { | ||
| const res = await authFetch(`${API_BASE}/api/Auth/register`, { |
The authFetch function is being used for registration endpoint, but registration typically doesn't require authentication. This may cause issues if the Authorization header is being set when it shouldn't be. Consider using regular fetch for the registration endpoint.
| public record LoginResponce | ||
| { | ||
| public string AccessToken { get; set; } | ||
| public string RefreshToken { get; set; } | ||
|
|
||
| public LoginResponce(string accessToken, string refreshToken) |
Spelling error: "LoginResponce" should be "LoginResponse". This typo appears in multiple files across the codebase including DTOs, services, and interfaces.
| public record LoginResponce | |
| { | |
| public string AccessToken { get; set; } | |
| public string RefreshToken { get; set; } | |
| public LoginResponce(string accessToken, string refreshToken) | |
| public record LoginResponse | |
| { | |
| public string AccessToken { get; set; } | |
| public string RefreshToken { get; set; } | |
| public LoginResponse(string accessToken, string refreshToken) |
| public async Task<IActionResult> LoginWithLogin([FromBody] string idToken, CancellationToken cancellationToken = default) | ||
| { | ||
| _logger.LogInformation("Google login endpoint called"); | ||
| var responce = await _authService.LoginWithGoogleAsync(idToken, cancellationToken); |
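Review bot: The action name `LoginWithLogin` on the first line does not say what the endpoint does; the log message and the `LoginWithGoogleAsync` call show it is the Google sign-in action, so `LoginWithGoogle` is the clearer name. `idToken` is also passed to the service with no null or empty check in this action, so return a 400 for an empty body before calling `LoginWithGoogleAsync`, and correct the `responce` spelling on the last line.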
The method receives a string idToken parameter from the request body but the DTO GoogleAuthDto is not being used. Either remove the unused DTO or change the parameter to use it: [FromBody] GoogleAuthDto dto and access dto.IdToken.
| public async Task<IActionResult> LoginWithLogin([FromBody] string idToken, CancellationToken cancellationToken = default) | |
| { | |
| _logger.LogInformation("Google login endpoint called"); | |
| var responce = await _authService.LoginWithGoogleAsync(idToken, cancellationToken); | |
| public async Task<IActionResult> LoginWithLogin([FromBody] GoogleAuthDto dto, CancellationToken cancellationToken = default) | |
| { | |
| _logger.LogInformation("Google login endpoint called"); | |
| var responce = await _authService.LoginWithGoogleAsync(dto.IdToken, cancellationToken); |