
fix: start GitHub connect with auth header #81

Open
saurabhhhcodes wants to merge 1 commit into kunalverma2512:main from saurabhhhcodes:fix/github-connect-account-center-79

Conversation

@saurabhhhcodes saurabhhhcodes commented May 19, 2026

Fixes #79.

What changed

  • Added an authenticated POST /auth/github/connect/start endpoint that returns a GitHub authorization URL as JSON.
  • Updated Account Center to call that endpoint through the existing API client, so the JWT is sent before redirecting to GitHub.
  • Preserved the existing public redirect flow and added a loading/error state for the connect button.

Validation

  • node --check server/modules/auth/controller.js
  • node --check server/modules/auth/routes.js
  • cd frontend && ./node_modules/.bin/eslint src/pages/AccountCenterPage.jsx
  • git diff --check

Note: cd frontend && ./node_modules/.bin/vite build is blocked locally by the installed Rolldown native binding failing macOS code-signing/native optional dependency loading, before app code compiles.

Suggested labels for GSSoC: gssoc:approved, level:intermediate, quality:clean, type:bug.

Summary by CodeRabbit

Release Notes

  • New Features

    • Improved GitHub account connection flow with better state management and visual feedback.
    • Connection button now displays progress indicator during the authorization process.
  • Bug Fixes

    • Enhanced error handling in the account deletion flow.
    • Fixed GitHub connection success notification to properly refresh account settings.

@github-actions

🚀 PR Received Successfully

Hello @saurabhhhcodes,

Thank you for taking the initiative to contribute to this project.

Please ensure that your PR follows all project guidelines properly before requesting review.

⚠️ Important Instructions

  • Maintain proper code quality and structure
  • Do not make unnecessary changes/files
  • Ensure responsiveness across devices
  • Follow existing project conventions strictly
  • Attach screenshots/videos for UI-related changes
  • Resolve merge conflicts before requesting review
  • Avoid AI-generated low quality PRs or copied implementations

📌 Mandatory for GSSoC'26 Participants

Joining the community group and announcement channel is compulsory for all contributors participating through GSSoC'26.

Failure to follow contribution guidelines may lead to PR rejection.

We appreciate your effort and wish you a great open-source journey ahead. ✨

coderabbitai Bot commented May 19, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 636e2cc1-7366-4f12-8a8d-29f55a09e1c2

📥 Commits

Reviewing files that changed from the base of the PR and between 47f72c6 and 7412e8c.

📒 Files selected for processing (3)
  • frontend/src/pages/AccountCenterPage.jsx
  • server/modules/auth/controller.js
  • server/modules/auth/routes.js

📝 Walkthrough

This PR converts the GitHub account connection flow from a direct browser redirect to a protected endpoint into a two-step authenticated API request. Frontend calls a new backend endpoint to obtain a GitHub authorization URL, then redirects to it, fixing the 401 error that occurred when authorization headers were lost during direct navigation.

Changes

GitHub Account Connection Flow

| Layer / File(s) | Summary |
| --- | --- |
| Backend GitHub Connect Endpoint (server/modules/auth/controller.js, server/modules/auth/routes.js) | New POST /github/connect/start endpoint added to AuthController.createGithubConnectUrl, which generates a GitHub authorization URL in "connect" mode using the authenticated user ID and returns it as JSON. Route is protected by authentication middleware and rate limiting. |
| Frontend GitHub Connect Handler (frontend/src/pages/AccountCenterPage.jsx) | GitHubCard component updated to call api.post("/auth/github/connect/start") instead of directly navigating. Introduces connecting state to disable the button during the request. Button UI reflects loading state with "Opening GitHub..." label. Removes unused rankColor helper and error handler parameter. |
| Frontend Success Banner and Profile Refresh (frontend/src/pages/AccountCenterPage.jsx) | useEffect hook updated to display a success banner on GitHub connection via setTimeout (stored in bannerTimer), refresh the user profile by calling getProfile, and properly clean up the timer and URL parameters. |

Sequence Diagram

sequenceDiagram
  participant Browser
  participant GitHubCard
  participant AuthController
  participant GitHub
  Browser->>GitHubCard: User clicks "Connect GitHub Account"
  GitHubCard->>AuthController: POST /auth/github/connect/start (authenticated)
  AuthController->>AuthController: Generate GitHub auth URL<br/>using req.user._id and redirectPath
  AuthController->>GitHubCard: Return { authUrl }
  GitHubCard->>Browser: window.location.href = authUrl
  Browser->>GitHub: Navigate to GitHub consent screen

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A click that once fell short with a 401 tear,
Now whispers through headers, the token shines clear!
From backend to browser, the URL takes flight,
GitHub consent screen gleams in authenticated light. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: start GitHub connect with auth header' accurately describes the main change: fixing GitHub connect by starting it with authentication (via an authenticated API endpoint). |
| Linked Issues check | ✅ Passed | The PR directly addresses issue #79 by adding an authenticated POST endpoint that preserves the Authorization header and allows GitHub OAuth to proceed from Account Center. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to fixing the GitHub connect authentication flow; no unrelated modifications were introduced. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.
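
In the flow summarized above, GitHub sends the browser back to the callback as a top-level navigation with no Authorization header, so the user authenticated at POST /auth/github/connect/start has to be carried in the OAuth state parameter. The sketch below is an added example, not code from this PR or repository: it signs and verifies such a state, and every function name, the secret, the client ID, the read:user scope and the 10-minute lifetime are assumptions.

```javascript
// Added example, not the PR's code. All names and values are hypothetical.
const crypto = require("node:crypto");

const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending connect

const sign = (payload, secret) =>
  crypto.createHmac("sha256", secret).update(payload).digest("base64url");

// Only same-site relative paths may be carried through the OAuth round trip.
function safeRedirectPath(path) {
  return typeof path === "string" && /^\/(?![\/\\])/.test(path) ? path : "/";
}

// Called by the authenticated start endpoint: userId comes from the verified JWT.
function createConnectState(userId, redirectPath, secret, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({
    mode: "connect",
    uid: String(userId),
    redirectPath: safeRedirectPath(redirectPath),
    exp: now + STATE_TTL_MS,
    nonce: crypto.randomBytes(16).toString("hex"), // makes each state unique
  })).toString("base64url");
  return `${payload}.${sign(payload, secret)}`;
}

function buildGithubAuthUrl({ clientId, callbackUrl, state }) {
  const url = new URL("https://github.com/login/oauth/authorize");
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: callbackUrl, scope: "read:user", state,
  }).toString();
  return url.toString();
}

// Called by the callback, where state is the only binding to the user.
function verifyConnectState(state, secret, now = Date.now()) {
  const [payload, mac] = String(state).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload, secret));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try { data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")); } catch { return null; }
  if (data.mode !== "connect" || typeof data.exp !== "number" || data.exp < now) return null;
  return { userId: data.uid, redirectPath: safeRedirectPath(data.redirectPath) };
}
```

The nonce here only makes each state distinct; rejecting a replayed state within its lifetime would additionally need the nonce stored and consumed server-side.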

@PRERAN001

bro, the issue was assigned to me :)

I don't think you should have done this
@saurabhhhcodes

@saurabhhhcodes
Author

Thanks for pointing that out, and sorry for stepping into work that may already have been assigned to you. I picked this up from the open issue/bug context while trying to fix the GitHub connect flow, but I do not want to block your assigned contribution.

The PR is small and focused, so I’ll leave it for the maintainers to decide whether it is useful to merge, close, or let you take the fix forward in your own branch. I’m okay with whichever path keeps the project workflow clean.

Development

Successfully merging this pull request may close these issues.

GitHub Connect returns 401 when initiated from Account Center

2 participants