From 4f8f4ef0ba0cb28877854514635b0bae0b84fd20 Mon Sep 17 00:00:00 2001
From: Adnan <technicaljigsaw.tj@gmail.com>
Date: Sat, 23 May 2026 23:42:26 +0530
Subject: [PATCH] api: validate GitHub token before GraphQL requests

---
 apps/api/src/services/project.service.ts | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/apps/api/src/services/project.service.ts b/apps/api/src/services/project.service.ts
index 7ae4d5e9..600b3b86 100644
--- a/apps/api/src/services/project.service.ts
+++ b/apps/api/src/services/project.service.ts
@@ -9,13 +9,24 @@ import type {
 
 dotenv.config();
 
-const GH_PAT = process.env.GITHUB_PERSONAL_ACCESS_TOKEN;
+const getGithubPersonalAccessToken = () => {
+  const token = process.env.GITHUB_PERSONAL_ACCESS_TOKEN?.trim();
 
-const graphqlWithAuth = graphql.defaults({
-  headers: {
-    authorization: `token ${GH_PAT}`,
-  },
-});
+  if (!token) {
+    throw new Error(
+      "GITHUB_PERSONAL_ACCESS_TOKEN is required to fetch GitHub projects. Please configure it in apps/api/.env."
+    );
+  }
+
+  return token;
+};
+
+const createGithubClient = () =>
+  graphql.defaults({
+    headers: {
+      authorization: `token ${getGithubPersonalAccessToken()}`,
+    },
+  });
 
 export const projectService = {
   /**
@@ -53,6 +64,7 @@ export const projectService = {
     queryParts.push(`fork:true`);
 
     const searchQueryString = queryParts.join(" ");
+    const graphqlWithAuth = createGithubClient();
 
     const response: GraphQLResponseProps = await graphqlWithAuth(
       `