
fix(api): validate GitHub token before GraphQL requests #379

Open: adnankhan46 wants to merge 1 commit into apsinghdev:main from adnankhan46:fix/gh-validate-token


@adnankhan46 adnankhan46 commented May 23, 2026

Summary

  • Add explicit validation for GITHUB_PERSONAL_ACCESS_TOKEN
  • Avoid creating GitHub GraphQL requests with token undefined
  • Return a clearer setup error when the required env var is missing

fix for #378

first time tried monorepo, let me know if any changes

Summary by CodeRabbit

  • Chores
    • Improved GitHub API authentication token handling with enhanced error reporting for missing configuration.


vercel Bot commented May 23, 2026

@adnankhan46 is attempting to deploy a commit to the AJEET PRATAP SINGH's projects Team on Vercel.

A member of the Team first needs to authorize it.


coderabbitai Bot commented May 23, 2026

Walkthrough

The project service refactors GitHub API client initialization from module-level setup to on-demand creation via helper functions. Token retrieval now validates and trims GITHUB_PERSONAL_ACCESS_TOKEN, throwing an error if missing. The fetchGithubProjects method creates the authenticated client per-call using the new createGithubClient() helper.

Changes

GitHub Client Authentication Refactor

| Layer / File(s) | Summary |
| --- | --- |
| Helper functions for token retrieval and client creation (apps/api/src/services/project.service.ts) | New getGithubPersonalAccessToken() reads and validates the environment token, throwing an explicit error if missing. New createGithubClient() returns an authenticated Octokit GraphQL client using that token via graphql.defaults() headers. |
| Call-site client instantiation in fetchGithubProjects (apps/api/src/services/project.service.ts) | fetchGithubProjects now instantiates graphqlWithAuth using createGithubClient() at the call site instead of relying on module-scoped client initialization. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A token now travels, fresh on each call,
No module-wide lingering through the hall,
Errors explicit, validation takes flight,
The service now builds what it needs just right!
thump thump

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly summarizes the main change: adding validation for the GitHub token before making GraphQL requests, which matches the file changes and PR objectives. |



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/api/src/services/project.service.ts`:
- Line 67: The code currently calls createGithubClient() inside
fetchGithubProjects, recreating graphqlWithAuth on every request; change this by
introducing a module-scoped cached client (e.g., a let cachedGraphqlWithAuth)
and modify fetchGithubProjects to initialize cachedGraphqlWithAuth =
createGithubClient() only if it’s undefined or if the token changed/invalid,
otherwise reuse the cached instance; ensure token validation and clear error
handling during first creation so subsequent calls use the pooled client instead
of recreating graphqlWithAuth each time.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f2d61609-8108-4d5b-afaf-b45ce2ac9751

📥 Commits

Reviewing files that changed from the base of the PR and between 697f361 and 4f8f4ef.

📒 Files selected for processing (1)
  • apps/api/src/services/project.service.ts

queryParts.push(`fork:true`);

const searchQueryString = queryParts.join(" ");
const graphqlWithAuth = createGithubClient();

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid recreating the GitHub client on every request.

Creating a new client instance on every call to fetchGithubProjects violates the connection pooling guideline for external service clients and introduces unnecessary performance overhead. Consider caching the client instance after first creation.

As per coding guidelines: apps/api/src/**/{database,clients,services}/*.{js,ts}: Use connection pooling for database and external service clients.

⚡ Proposed fix to cache the client instance
+let cachedClient: ReturnType<typeof graphql.defaults> | null = null;
+
-const createGithubClient = () =>
-  graphql.defaults({
-    headers: {
-      authorization: `token ${getGithubPersonalAccessToken()}`,
-    },
-  });
+const createGithubClient = () => {
+  if (!cachedClient) {
+    const token = getGithubPersonalAccessToken();
+    cachedClient = graphql.defaults({
+      headers: {
+        authorization: `token ${token}`,
+      },
+    });
+  }
+  return cachedClient;
+};
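Review bot: getGithubPersonalAccessToken() is called only inside the `if (!cachedClient)` branch, so the token read on the first call is pinned into the module-scoped `cachedClient` and a rotated or revoked GITHUB_PERSONAL_ACCESS_TOKEN keeps being sent until the process restarts; the missing-token check also never runs again after the first success. Read the token above the `if`, keep it next to the client, and rebuild when it differs, for example `if (!cachedClient || cachedToken !== token)`.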

This approach validates the token on first call and reuses the client for subsequent requests, improving performance while maintaining clear error handling.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/api/src/services/project.service.ts` at line 67, The code currently
calls createGithubClient() inside fetchGithubProjects, recreating
graphqlWithAuth on every request; change this by introducing a module-scoped
cached client (e.g., a let cachedGraphqlWithAuth) and modify fetchGithubProjects
to initialize cachedGraphqlWithAuth = createGithubClient() only if it’s
undefined or if the token changed/invalid, otherwise reuse the cached instance;
ensure token validation and clear error handling during first creation so
subsequent calls use the pooled client instead of recreating graphqlWithAuth
each time.

@adnankhan46 adnankhan46 changed the title from "api: validate GitHub token before GraphQL requests" to "fix(api): validate GitHub token before GraphQL requests" on May 24, 2026
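
The token check and client reuse discussed in this thread, as an added TypeScript example that is not code from the PR or the project: the token is validated on every call and the client is rebuilt only when the token value changes. `Env`, `readGithubToken`, `makeTokenAwareClient`, `demo` and the `build` factory (standing in for a wrapper around `graphql.defaults`) are hypothetical names, and the token strings are constructed placeholders.

```typescript
// Added example, not code from the PR. All names below are hypothetical.
type Env = Record<string, string | undefined>;

const TOKEN_VAR = "GITHUB_PERSONAL_ACCESS_TOKEN";

// Read, trim and validate the token. The setup error names the variable
// but never echoes its value, so nothing secret reaches logs.
function readGithubToken(env: Env): string {
  const token = (env[TOKEN_VAR] || "").trim();
  if (token === "") {
    throw new Error(`${TOKEN_VAR} is not set; add it to the API environment`);
  }
  return token;
}

// Cache one client per token value. `build` is an assumed stand-in for the
// real client factory; it receives the finished authorization header.
function makeTokenAwareClient<C>(env: Env, build: (authHeader: string) => C): () => C {
  let cached: { token: string; client: C } | null = null;
  return () => {
    const token = readGithubToken(env); // validated on every call
    if (cached === null || cached.token !== token) {
      cached = { token, client: build(`token ${token}`) };
    }
    return cached.client;
  };
}

// Constructed sample run: reuse, rotation, then a blank variable.
function demo(): { builds: number; headers: string[]; missingError: string } {
  const env: Env = { [TOKEN_VAR]: "  placeholder-token-A \n" };
  const headers: string[] = [];
  const getClient = makeTokenAwareClient(env, (h) => {
    headers.push(h); // record each build so reuse is observable
    return { auth: h };
  });
  getClient();
  getClient(); // same token: cached client reused
  env[TOKEN_VAR] = "placeholder-token-B";
  getClient(); // rotated token: client rebuilt
  env[TOKEN_VAR] = "   ";
  let missingError = "";
  try { getClient(); } catch (e) { missingError = (e as Error).message; }
  return { builds: headers.length, headers, missingError };
}
```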