Commit 686e782

Adding websocket and notification section
1 parent 2b5a740 commit 686e782

1 file changed

+52
-1
lines changed

_docs/developer/rensselaer_center_for_open_source/2025_Jeffrey_Cordero.md

Lines changed: 52 additions & 1 deletion
@@ -5,6 +5,57 @@ category: Developer > Rensselaer Center for Open Source (RCOS) > Summer 2025
55

66
### Summary
77

8-
Over the ten weeks, I was a key contributor to the large-scale, open-source academic platform, where my work focused on developing major features, modernizing infrastructure, enhancing security, and improving the user interface and experience. I authored or contributed to 24 pull requests, reviewed 82 pull requests, and created 6 issues, many of which were resolved or are part of ongoing efforts such as end-to-end testing of notifications and rate limiting. These contributions spanned the entire technology stack, including the frontend (HTML/CSS, JS/TS, Twig, Vue.js), backend (PHP), build systems (Bash), autograding infrastructure (Python, C++), and system testing (Cypress).
8+
Over the ten weeks, I was a key contributor to the large-scale open-source academic platform, focusing on major feature development, infrastructure modernization, security enhancements, and UI/UX improvements. I authored or contributed to 24 pull requests, reviewed 82 pull requests, and created 6 issues, many of which were resolved or are part of ongoing efforts such as end-to-end notification testing ([#11908](https://github.com/Submitty/Submitty/issues/11908)) and rate limiting ([#11721](https://github.com/Submitty/Submitty/issues/11721)).
9+
10+
My contributions spanned the full technology stack, including the frontend (HTML/CSS, JavaScript/TypeScript, Twig, Vue.js), backend (PHP), build systems (Bash), autograding infrastructure (Python, C++), and system testing (Cypress).
911

1012
### WebSocket Security & Testing
13+
14+
I worked on addressing a critical security flaw in the platform's WebSocket server by implementing a token-based authorization system ([#11634](https://github.com/Submitty/Submitty/pull/11634)). Previously, any user with a direct URL and valid login credentials could access any WebSocket page they were not authorized to view, posing a significant security risk, especially for features like Grade Inquiry.
15+
16+
To mitigate this, I designed and integrated a JSON Web Token (JWT)–based authorization layer. The web server now generates short-lived, multi-use tokens that grant access only to specific WebSocket pages. Each token explicitly scopes access per page, ensuring that all WebSocket connections are properly authenticated and secure. Authorized pages are valid for five minutes, and stale entries are discarded using a sliding window mechanism to maintain a minimal, up-to-date permission set.
17+
18+
```json
19+
{
20+
"iat": 1753797357.504631,
21+
"iss": "https://submitty.org/",
22+
"sub": "instructor",
23+
"authorized_pages": {
24+
"f25-sample-defaults": 1753800957,
25+
"f25-sample-chatrooms-1": 1753800957,
26+
"f25-sample-polls-3-instructor": 1753800912
27+
},
28+
"expire_time": 1753800957
29+
}
30+
```
31+
32+
To validate the implementation, I first established a Cypress end-to-end testing foundation through the Discussion Forum pages ([#11873](https://github.com/Submitty/Submitty/pull/11873)), which rely heavily on WebSocket communication. Building on that, I developed a comprehensive testing strategy, including PHP unit tests for backend logic and full-stack Cypress tests to verify the correctness of the authorization flow and catch potential protocol-level issues, such as directly validating WebSocket message producers and handlers.
33+
34+
```
35+
<img>
36+
```
37+
38+
39+
### Notification System Enhancements
40+
41+
To provide students with timely and relevant updates, I implemented major enhancements to the platform’s notification system. I developed a feature that automatically alerts students via the platform and emails when grades are released ([#10358](https://github.com/Submitty/Submitty/pull/10358)) or when new assignments become available for submission ([#11897](https://github.com/Submitty/Submitty/pull/11897)). These notifications are generated by a reliable, hourly cron job that efficiently processes and dispatches all pending messages for active courses throughout the semester.
42+
43+
```
44+
[Submitty sample] Grade Released: Grading Homework PDF
45+
Your grade is now available for Grades Released Homework in course
46+
SAMPLE.
47+
48+
Click here for more info: http://localhost:1511/courses/s25/sample/gradeable/grading_homework_pdf
49+
50+
--
51+
NOTE: This is an automated email notification, which is unable to receive replies.
52+
Please refer to the course syllabus for contact information for your teaching staff.
53+
Update your email notification settings for this course here: http://localhost:1511/courses/s25/sample/notifications/settings
54+
```
55+
56+
To support these new features and enhance overall system reliability, I built a dedicated Cypress testing suites for emails ([#11878](https://github.com/Submitty/Submitty/pull/11878)) and notification preferences ([#11913](https://github.com/Submitty/Submitty/pull/11913)). These tests verifies the functionality of the user settings page, email status page, and key user interactions, establishing a solid foundation for future notification-related testing.
57+
58+
```
59+
<cypress testing image>
60+
```
61+
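
Review bot: In the WebSocket Security & Testing section the prose says "Authorized pages are valid for five minutes", but the sample token directly below it has "iat": 1753797357.504631 while the page entries and "expire_time" sit at 1753800957, which is 3600 seconds later, so the example documents a one-hour lifetime rather than five minutes. Correct the stated duration or regenerate the sample so the two agree, and state explicitly that the per-page values and "expire_time" are expiry timestamps, since the text never defines them and a reader auditing the authorization layer will rely on this section. Two smaller points in the same hunk: the fenced blocks that contain only `<img>` and `<cypress testing image>` are placeholders and should be replaced with the intended images or dropped before merge, and the final paragraph has agreement errors ("a dedicated Cypress testing suites", "These tests verifies").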
