fix: start GitHub connect with auth header

[saurabhhhcodes]

Fixes #79.

What changed

• Added an authenticated POST /auth/github/connect/start endpoint that returns a GitHub authorization URL as JSON.
• Updated Account Center to call that endpoint through the existing API client, so the JWT is sent before redirecting to GitHub.
• Preserved the existing public redirect flow and added a loading/error state for the connect button.

Validation

• node --check server/modules/auth/controller.js
• node --check server/modules/auth/routes.js
• cd frontend && ./node_modules/.bin/eslint src/pages/AccountCenterPage.jsx
• git diff --check

Note: cd frontend && ./node_modules/.bin/vite build is blocked locally by the installed Rolldown native binding failing macOS code-signing/native optional dependency loading, before app code compiles.

Suggested labels for GSSoC: gssoc:approved, level:intermediate, quality:clean, type:bug.

Summary by CodeRabbit

Release Notes

• New Features

  • Improved GitHub account connection flow with better state management and visual feedback.
  • Connection button now displays progress indicator during the authorization process.

• Bug Fixes

  • Enhanced error handling in the account deletion flow.
  • Fixed GitHub connection success notification to properly refresh account settings.

[github-actions]

🚀 PR Received Successfully

Hello @saurabhhhcodes,

Thank you for taking the initiative to contribute to this project.

Please ensure that your PR follows all project guidelines properly before requesting review.

⚠️ Important Instructions

• Maintain proper code quality and structure
• Do not make unnecessary changes/files
• Ensure responsiveness across devices
• Follow existing project conventions strictly
• Attach screenshots/videos for UI-related changes
• Resolve merge conflicts before requesting review
• Avoid AI-generated low quality PRs or copied implementations

📌 Mandatory for GSSoC'26 Participants

Joining the community group and announcement channel is compulsory for all contributors participating through GSSoC'26.

• Telegram Group: https://t.me/c/3991077814/1
• Telegram Channel: https://t.me/+g4esQdo-DyNlZWE1

Failure to follow contribution guidelines may lead to PR rejection.

We appreciate your effort and wish you a great open-source journey ahead. ✨

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 636e2cc1-7366-4f12-8a8d-29f55a09e1c2

📥 Commits

Reviewing files that changed from the base of the PR and between 47f72c6 and 7412e8c.

📒 Files selected for processing (3)

• frontend/src/pages/AccountCenterPage.jsx
• server/modules/auth/controller.js
• server/modules/auth/routes.js

---

📝 Walkthrough

Walkthrough

This PR converts the GitHub account connection flow from a direct browser redirect to a protected endpoint into a two-step authenticated API request. Frontend calls a new backend endpoint to obtain a GitHub authorization URL, then redirects to it, fixing the 401 error that occurred when authorization headers were lost during direct navigation.

Changes

GitHub Account Connection Flow

Layer / File(s)	Summary
Backend GitHub Connect Endpoint server/modules/auth/controller.js, server/modules/auth/routes.js	New POST /github/connect/start endpoint added to AuthController.createGithubConnectUrl, which generates a GitHub authorization URL in "connect" mode using the authenticated user ID and returns it as JSON. Route is protected by authentication middleware and rate limiting.
Frontend GitHub Connect Handler frontend/src/pages/AccountCenterPage.jsx	GitHubCard component updated to call api.post("/auth/github/connect/start") instead of directly navigating. Introduces connecting state to disable the button during the request. Button UI reflects loading state with "Opening GitHub..." label. Removes unused rankColor helper and error handler parameter.
Frontend Success Banner and Profile Refresh frontend/src/pages/AccountCenterPage.jsx	useEffect hook updated to display a success banner on GitHub connection via setTimeout (stored in bannerTimer), refresh the user profile by calling getProfile, and properly clean up the timer and URL parameters.

Sequence Diagram

sequenceDiagram
  participant Browser
  participant GitHubCard
  participant AuthController
  participant GitHub
  Browser->>GitHubCard: User clicks "Connect GitHub Account"
  GitHubCard->>AuthController: POST /auth/github/connect/start (authenticated)
  AuthController->>AuthController: Generate GitHub auth URL<br/>using req.user._id and redirectPath
  AuthController->>GitHubCard: Return { authUrl }
  GitHubCard->>Browser: window.location.href = authUrl
  Browser->>GitHub: Navigate to GitHub consent screen

Loading

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A click that once fell short with a 401 tear,
Now whispers through headers, the token shines clear!
From backend to browser, the URL takes flight,
GitHub consent screen gleams in authenticated light. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: start GitHub connect with auth header' accurately describes the main change: fixing GitHub connect by starting it with authentication (via an authenticated API endpoint).
Linked Issues check	✅ Passed	The PR directly addresses issue #79 by adding an authenticated POST endpoint that preserves the Authorization header and allows GitHub OAuth to proceed from Account Center.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the GitHub connect authentication flow; no unrelated modifications were introduced.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[PRERAN001]

bro ,the issue was assigned to me :)

i dont think u should have done this
@saurabhhhcodes

[saurabhhhcodes]

Thanks for pointing that out, and sorry for stepping into work that may already have been assigned to you. I picked this up from the open issue/bug context while trying to fix the GitHub connect flow, but I do not want to block your assigned contribution.

The PR is small and focused, so I’ll leave it for the maintainers to decide whether it is useful to merge, close, or let you take the fix forward in your own branch. I’m okay with whichever path keeps the project workflow clean.