[CLAUDE] App+Infra+Api+FE: SignalR realtime notifications E2E

Clean-arch split: - Application: IRealtimeNotifier (PushToUserAsync, abstraction) - Api: NotificationHub (/hubs/notifications, [Authorize]) + SignalRNotifier impl với IHubContext<NotificationHub>, uses Clients.User(userId) (default provider resolves NameIdentifier="sub") - Infrastructure: NotificationPushInterceptor — SaveChangesInterceptor capture Notification entities state=Added trong SavingChanges, push qua IRealtimeNotifier trong SavedChanges sau khi commit thành công. Zero caller changes — handlers chỉ cần db.Add(Notification). Attached vào ApplicationDbContext cùng với AuditingInterceptor. Auth: - JWT config thêm OnMessageReceived event: read ?access_token= từ query string khi path = /hubs/* (WebSockets không set headers). - SignalRNotifier singleton (stateless, chỉ delegate IHubContext). FE (both apps): - @microsoft/signalr 8.0.7 vào package.json. - lib/realtime.ts: singleton connection với lazy start + automatic reconnect [0,2s,5s,10s,15s] + accessTokenFactory lấy từ localStorage. - NotificationBell: useEffect subscribe 'notification-created' khi isAuthenticated. On push: invalidate query + toast.message. Fallback polling giảm từ 30s → 60s (realtime cover gap). - AuthContext.logout: dynamic import stopConnection() — avoid leaking auth'd socket across users. Result: ERP-grade feel. Contract transition → Drafter nhận toast ngay trong vòng 100-300ms (same-origin WebSocket), không cần F5 hay polling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:56:37 +07:00
parent 2a851caa92
commit ea9ab5e352
14 changed files with 319 additions and 3 deletions
--- a/fe-admin/package.json
+++ b/fe-admin/package.json
@ -13,6 +13,7 @@
    "preview": "vite preview"
  },
  "dependencies": {
    "@microsoft/signalr": "^8.0.7",
    "@tailwindcss/vite": "^4.2.3",
    "@tanstack/react-query": "^5.99.2",
    "axios": "^1.15.1",
--- a/fe-admin/src/components/NotificationBell.tsx
+++ b/fe-admin/src/components/NotificationBell.tsx
@ -2,7 +2,10 @@ import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { useEffect, useRef, useState } from 'react'
 import { Bell, CheckCheck } from 'lucide-react'
 import { useNavigate } from 'react-router-dom'
 import { toast } from 'sonner'
 import { api } from '@/lib/api'
 import { ensureConnection } from '@/lib/realtime'
 import { useAuth } from '@/contexts/AuthContext'
 import { cn } from '@/lib/cn'
 type NotificationDto = {
@ -32,13 +35,42 @@ export function NotificationBell() {
  const panelRef = useRef<HTMLDivElement>(null)
  const navigate = useNavigate()
  const qc = useQueryClient()
  const { isAuthenticated } = useAuth()
  const list = useQuery({
    queryKey: ['notifications'],
    queryFn: async () => (await api.get<NotificationDto[]>('/notifications', { params: { limit: 20 } })).data,
-    refetchInterval: 30_000,
+    // Fallback polling at 60s in case SignalR disconnects + reconnect fails
    refetchInterval: 60_000,
  })
  // Subscribe realtime when authenticated. Toast on push + invalidate query.
  useEffect(() => {
    if (!isAuthenticated) return
    let conn: Awaited<ReturnType<typeof ensureConnection>> | null = null
    let cancelled = false
    const handler = (payload: NotificationDto) => {
      qc.invalidateQueries({ queryKey: ['notifications'] })
      toast.message(payload.title, { description: payload.description ?? undefined })
    }
    ensureConnection()
      .then(c => {
        if (cancelled) return
        conn = c
        c.on('notification-created', handler)
      })
      .catch(() => {
        // SignalR unavailable — rely on polling fallback
      })
    return () => {
      cancelled = true
      if (conn) conn.off('notification-created', handler)
    }
  }, [isAuthenticated, qc])
  const items = list.data ?? []
  const unread = items.filter(n => !n.readAt).length
--- a/fe-admin/src/contexts/AuthContext.tsx
+++ b/fe-admin/src/contexts/AuthContext.tsx
@ -64,6 +64,8 @@ export function AuthProvider({ children }: { children: ReactNode }) {
    localStorage.removeItem(MENU_KEY)
    setUser(null)
    setMenu([])
    // Close realtime socket — avoid leaking auth'd connection across users
    import('@/lib/realtime').then(m => m.stopConnection()).catch(() => {})
  }
  return (
--- a/fe-admin/src/lib/realtime.ts
+++ b/fe-admin/src/lib/realtime.ts
@ -0,0 +1,48 @@
 import { HubConnection, HubConnectionBuilder, HubConnectionState, LogLevel } from '@microsoft/signalr'
 import { TOKEN_KEY } from '@/lib/api'
 // Hub URL resolution:
 // - Dev: Vite proxy forwards /api → :5443 but SignalR bypasses axios, so we
 //   hit the API origin directly from the browser.
 // - Prod: VITE_API_BASE_URL (https://api.huypham.vn)
 const HUB_URL = (import.meta.env.VITE_API_BASE_URL ?? window.location.origin) + '/hubs/notifications'
 let connection: HubConnection | null = null
 let startPromise: Promise<void> | null = null
 /** Lazily starts (or reuses) a single hub connection. Token read on connect. */
 export async function ensureConnection(): Promise<HubConnection> {
  if (connection && connection.state === HubConnectionState.Connected) return connection
  if (!connection) {
    connection = new HubConnectionBuilder()
      .withUrl(HUB_URL, {
        accessTokenFactory: () => localStorage.getItem(TOKEN_KEY) ?? '',
      })
      .withAutomaticReconnect([0, 2_000, 5_000, 10_000, 15_000]) // exponential-ish backoff
      .configureLogging(LogLevel.Warning)
      .build()
  }
  if (connection.state === HubConnectionState.Disconnected) {
    startPromise ??= connection.start().catch(err => {
      startPromise = null
      throw err
    })
    await startPromise
    startPromise = null
  }
  return connection
 }
 /** Stops + forgets the connection. Call on logout. */
 export async function stopConnection(): Promise<void> {
  if (!connection) return
  try {
    await connection.stop()
  } catch {
    /* ignore */
  }
  connection = null
  startPromise = null
 }
--- a/fe-user/package.json
+++ b/fe-user/package.json
@ -13,6 +13,7 @@
    "preview": "vite preview"
  },
  "dependencies": {
    "@microsoft/signalr": "^8.0.7",
    "@tailwindcss/vite": "^4.2.3",
    "@tanstack/react-query": "^5.99.2",
    "axios": "^1.15.1",
--- a/fe-user/src/components/NotificationBell.tsx
+++ b/fe-user/src/components/NotificationBell.tsx
@ -2,7 +2,10 @@ import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { useEffect, useRef, useState } from 'react'
 import { Bell, CheckCheck } from 'lucide-react'
 import { useNavigate } from 'react-router-dom'
 import { toast } from 'sonner'
 import { api } from '@/lib/api'
 import { ensureConnection } from '@/lib/realtime'
 import { useAuth } from '@/contexts/AuthContext'
 import { cn } from '@/lib/cn'
 type NotificationDto = {
@ -32,13 +35,42 @@ export function NotificationBell() {
  const panelRef = useRef<HTMLDivElement>(null)
  const navigate = useNavigate()
  const qc = useQueryClient()
  const { isAuthenticated } = useAuth()
  const list = useQuery({
    queryKey: ['notifications'],
    queryFn: async () => (await api.get<NotificationDto[]>('/notifications', { params: { limit: 20 } })).data,
-    refetchInterval: 30_000,
+    // Fallback polling at 60s in case SignalR disconnects + reconnect fails
    refetchInterval: 60_000,
  })
  // Subscribe realtime when authenticated. Toast on push + invalidate query.
  useEffect(() => {
    if (!isAuthenticated) return
    let conn: Awaited<ReturnType<typeof ensureConnection>> | null = null
    let cancelled = false
    const handler = (payload: NotificationDto) => {
      qc.invalidateQueries({ queryKey: ['notifications'] })
      toast.message(payload.title, { description: payload.description ?? undefined })
    }
    ensureConnection()
      .then(c => {
        if (cancelled) return
        conn = c
        c.on('notification-created', handler)
      })
      .catch(() => {
        // SignalR unavailable — rely on polling fallback
      })
    return () => {
      cancelled = true
      if (conn) conn.off('notification-created', handler)
    }
  }, [isAuthenticated, qc])
  const items = list.data ?? []
  const unread = items.filter(n => !n.readAt).length
--- a/fe-user/src/contexts/AuthContext.tsx
+++ b/fe-user/src/contexts/AuthContext.tsx
@ -64,6 +64,8 @@ export function AuthProvider({ children }: { children: ReactNode }) {
    localStorage.removeItem(MENU_KEY)
    setUser(null)
    setMenu([])
    // Close realtime socket — avoid leaking auth'd connection across users
    import('@/lib/realtime').then(m => m.stopConnection()).catch(() => {})
  }
  return (
--- a/fe-user/src/lib/realtime.ts
+++ b/fe-user/src/lib/realtime.ts
@ -0,0 +1,48 @@
 import { HubConnection, HubConnectionBuilder, HubConnectionState, LogLevel } from '@microsoft/signalr'
 import { TOKEN_KEY } from '@/lib/api'
 // Hub URL resolution:
 // - Dev: Vite proxy forwards /api → :5443 but SignalR bypasses axios, so we
 //   hit the API origin directly from the browser.
 // - Prod: VITE_API_BASE_URL (https://api.huypham.vn)
 const HUB_URL = (import.meta.env.VITE_API_BASE_URL ?? window.location.origin) + '/hubs/notifications'
 let connection: HubConnection | null = null
 let startPromise: Promise<void> | null = null
 /** Lazily starts (or reuses) a single hub connection. Token read on connect. */
 export async function ensureConnection(): Promise<HubConnection> {
  if (connection && connection.state === HubConnectionState.Connected) return connection
  if (!connection) {
    connection = new HubConnectionBuilder()
      .withUrl(HUB_URL, {
        accessTokenFactory: () => localStorage.getItem(TOKEN_KEY) ?? '',
      })
      .withAutomaticReconnect([0, 2_000, 5_000, 10_000, 15_000]) // exponential-ish backoff
      .configureLogging(LogLevel.Warning)
      .build()
  }
  if (connection.state === HubConnectionState.Disconnected) {
    startPromise ??= connection.start().catch(err => {
      startPromise = null
      throw err
    })
    await startPromise
    startPromise = null
  }
  return connection
 }
 /** Stops + forgets the connection. Call on logout. */
 export async function stopConnection(): Promise<void> {
  if (!connection) return
  try {
    await connection.stop()
  } catch {
    /* ignore */
  }
  connection = null
  startPromise = null
 }
--- a/src/Backend/SolutionErp.Api/Hubs/NotificationHub.cs
+++ b/src/Backend/SolutionErp.Api/Hubs/NotificationHub.cs
@ -0,0 +1,15 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.SignalR;
 namespace SolutionErp.Api.Hubs;
 // JWT-authenticated hub. Users subscribe automatically to their own channel via
 // Clients.User(userId) — SignalR resolves userId via IUserIdProvider (default
 // uses ClaimTypes.NameIdentifier which our JWT sets to "sub").
 [Authorize]
 public class NotificationHub : Hub
 {
    // Client-callable ping for heartbeat/debug. Clients auto-join their user
    // channel on connect — no explicit join method needed.
    public string Ping() => "pong";
 }
--- a/src/Backend/SolutionErp.Api/Hubs/SignalRNotifier.cs
+++ b/src/Backend/SolutionErp.Api/Hubs/SignalRNotifier.cs
@ -0,0 +1,15 @@
 using Microsoft.AspNetCore.SignalR;
 using SolutionErp.Application.Common.Interfaces;
 namespace SolutionErp.Api.Hubs;
 public class SignalRNotifier(IHubContext<NotificationHub> hub) : IRealtimeNotifier
 {
    public async Task PushToUserAsync(Guid userId, string eventName, object payload, CancellationToken ct = default)
    {
        // Clients.User(userId) uses default IUserIdProvider → reads
        // ClaimTypes.NameIdentifier. Our JWT places the user id in "sub"
        // which ASP.NET maps to NameIdentifier, so this resolves correctly.
        await hub.Clients.User(userId.ToString()).SendAsync(eventName, payload, ct);
    }
 }
--- a/src/Backend/SolutionErp.Api/Program.cs
+++ b/src/Backend/SolutionErp.Api/Program.cs
@ -9,6 +9,7 @@ using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Serilog;
 using SolutionErp.Api.Authorization;
 using SolutionErp.Api.Hubs;
 using SolutionErp.Api.Middleware;
 using SolutionErp.Api.Services;
 using SolutionErp.Application;
@ -27,6 +28,8 @@ builder.Host.UseSerilog((ctx, cfg) => cfg
 // ---------- Core services ----------
 builder.Services.AddControllers();
 builder.Services.AddSignalR();
 builder.Services.AddSingleton<IRealtimeNotifier, SignalRNotifier>();
 builder.Services.AddHttpContextAccessor();
 builder.Services.AddScoped<ICurrentUser, CurrentUserService>();
 builder.Services.AddSingleton<SolutionErp.Application.Forms.IWebHostEnvironmentLocator, SolutionErp.Api.Services.WebHostEnvironmentLocator>();
@ -54,6 +57,19 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt.Secret)),
            ClockSkew = TimeSpan.FromMinutes(1),
        };
        // SignalR WebSockets can't set Authorization header — read JWT from
        // ?access_token=... query param when the request targets /hubs/*
        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = ctx =>
            {
                var accessToken = ctx.Request.Query["access_token"];
                var path = ctx.HttpContext.Request.Path;
                if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/hubs"))
                    ctx.Token = accessToken;
                return Task.CompletedTask;
            }
        };
    });
 builder.Services.AddScoped<IAuthorizationHandler, MenuPermissionHandler>();
@ -171,6 +187,7 @@ app.MapHealthChecks("/health/live", new HealthCheckOptions { Predicate = _ => fa
 app.MapHealthChecks("/health/ready", new HealthCheckOptions { Predicate = h => h.Tags.Contains("ready") });
 app.MapControllers();
 app.MapHub<NotificationHub>("/hubs/notifications");
 // ---------- DB init + seed ----------
 if (!args.Contains("--no-db-init"))
--- a/src/Backend/SolutionErp.Application/Common/Interfaces/IRealtimeNotifier.cs
+++ b/src/Backend/SolutionErp.Application/Common/Interfaces/IRealtimeNotifier.cs
@ -0,0 +1,11 @@
 namespace SolutionErp.Application.Common.Interfaces;
 // Abstraction for pushing real-time events to connected clients. The SignalR
 // impl lives in Api (hub + client dispatch); Infrastructure uses this interface
 // without depending on ASP.NET Core hub types.
 public interface IRealtimeNotifier
 {
    // Push a payload to a specific user's channel. Fire-and-forget semantics —
    // delivery is best-effort, callers should not block a transaction on it.
    Task PushToUserAsync(Guid userId, string eventName, object payload, CancellationToken ct = default);
 }
--- a/src/Backend/SolutionErp.Infrastructure/DependencyInjection.cs
+++ b/src/Backend/SolutionErp.Infrastructure/DependencyInjection.cs
@ -39,13 +39,16 @@ public static class DependencyInjection
        services.AddHostedService<SlaExpiryJob>();
        services.AddScoped<AuditingInterceptor>();
        services.AddScoped<NotificationPushInterceptor>();
        services.AddDbContext<ApplicationDbContext>((sp, options) =>
        {
            var connectionString = configuration.GetConnectionString("Default")
                ?? throw new InvalidOperationException("Missing ConnectionStrings:Default");
            options.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(typeof(ApplicationDbContext).Assembly.FullName));
-            options.AddInterceptors(sp.GetRequiredService<AuditingInterceptor>());
+            options.AddInterceptors(
                sp.GetRequiredService<AuditingInterceptor>(),
                sp.GetRequiredService<NotificationPushInterceptor>());
        });
        services.AddScoped<IApplicationDbContext>(sp => sp.GetRequiredService<ApplicationDbContext>());
--- a/src/Backend/SolutionErp.Infrastructure/Persistence/Interceptors/NotificationPushInterceptor.cs
+++ b/src/Backend/SolutionErp.Infrastructure/Persistence/Interceptors/NotificationPushInterceptor.cs
@ -0,0 +1,89 @@
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Diagnostics;
 using Microsoft.Extensions.Logging;
 using SolutionErp.Application.Common.Interfaces;
 using SolutionErp.Domain.Notifications;
 namespace SolutionErp.Infrastructure.Persistence.Interceptors;
 // Auto-pushes newly created Notification entities via IRealtimeNotifier
 // AFTER SaveChanges succeeds. Keeps domain handlers unaware of real-time
 // concerns — they just db.Notifications.Add(...) and the interceptor fires.
 public class NotificationPushInterceptor(
    IRealtimeNotifier notifier,
    ILogger<NotificationPushInterceptor> logger) : SaveChangesInterceptor
 {
    // Captured between Saving* and Saved* — interceptor is scoped with DbContext
    // so this list is per-unit-of-work, not shared across requests.
    private readonly List<Notification> _toPush = new();
    public override InterceptionResult<int> SavingChanges(
        DbContextEventData eventData, InterceptionResult<int> result)
    {
        Capture(eventData.Context);
        return base.SavingChanges(eventData, result);
    }
    public override ValueTask<InterceptionResult<int>> SavingChangesAsync(
        DbContextEventData eventData, InterceptionResult<int> result, CancellationToken cancellationToken = default)
    {
        Capture(eventData.Context);
        return base.SavingChangesAsync(eventData, result, cancellationToken);
    }
    public override int SavedChanges(SaveChangesCompletedEventData eventData, int result)
    {
        _ = FlushAsync(CancellationToken.None);
        return base.SavedChanges(eventData, result);
    }
    public override async ValueTask<int> SavedChangesAsync(
        SaveChangesCompletedEventData eventData, int result, CancellationToken cancellationToken = default)
    {
        await FlushAsync(cancellationToken);
        return await base.SavedChangesAsync(eventData, result, cancellationToken);
    }
    private void Capture(DbContext? context)
    {
        if (context is null) return;
        _toPush.Clear();
        foreach (var entry in context.ChangeTracker.Entries<Notification>())
        {
            if (entry.State == EntityState.Added)
                _toPush.Add(entry.Entity);
        }
    }
    private async Task FlushAsync(CancellationToken ct)
    {
        if (_toPush.Count == 0) return;
        var batch = _toPush.ToList();
        _toPush.Clear();
        foreach (var n in batch)
        {
            try
            {
                // Same shape as NotificationDto on FE — keeps the client simple
                var payload = new
                {
                    id = n.Id,
                    type = (int)n.Type,
                    title = n.Title,
                    description = n.Description,
                    href = n.Href,
                    refId = n.RefId,
                    createdAt = n.CreatedAt,
                    readAt = (DateTime?)null,
                };
                await notifier.PushToUserAsync(n.UserId, "notification-created", payload, ct);
            }
            catch (Exception ex)
            {
                // Never propagate — real-time push is best-effort.
                logger.LogWarning(ex, "Failed to push realtime notification {NotificationId}", n.Id);
            }
        }
    }
 }