fix(connect): add missing randomBytes import and rename parseGoogleState to parseOAuthState #211

Merged: ShantKhatri merged 2 commits into Dev-Card:main from MehtabSandhu11:fix/connect-missing-import-and-rename on May 21, 2026
@MehtabSandhu11
Contributor

Summary

Two bugs were present in apps/backend/src/routes/connect.ts. First, generateState()
called randomBytes from Node's crypto module without ever importing it, meaning any
request to GET /connect/github would throw a ReferenceError: randomBytes is not defined at runtime and crash the entire GitHub connect flow. Second, the helper
function responsible for decoding the OAuth state in the GitHub callback was named
parseGoogleState despite Google connect not existing anywhere in this file — a
misleading name that could confuse any developer maintaining or extending this code.
Both issues are fixed in this PR with minimal, targeted changes.

Closes #178


Type of Change

  • Bug fix
  • New feature
  • Refactor (no functional change)
  • UI / Design change
  • Tests only
  • Documentation
  • Infrastructure / DevOps
  • Security

What Changed

  • apps/backend/src/routes/connect.ts — added import { randomBytes } from 'crypto'
    at the top of the file so generateState() no longer throws a ReferenceError at
    runtime on any GET /connect/github request.
  • apps/backend/src/routes/connect.ts — renamed parseGoogleState to
    parseOAuthState at both its declaration (line 158) and its single call site
    (line 64) inside the /github/callback handler to accurately reflect its purpose.

How to Test

  1. Before this fix: call GET /connect/github with a valid auth token — confirm it
    previously crashed with ReferenceError: randomBytes is not defined.
  2. After this fix: call GET /connect/github with a valid auth token — confirm it
    redirects to GitHub's OAuth page without errors.
  3. Complete the full GitHub connect flow end-to-end — confirm the callback decodes
    the state correctly and stores the token successfully.
  4. Search the codebase for parseGoogleState — confirm no references remain.

Checklist

  • My code follows the project's coding style (pnpm -r run lint passes).
  • TypeScript compiles without errors (pnpm -r run typecheck).
  • I have added or updated tests for the changes I made.
  • All tests pass locally (pnpm -r run test).
  • I have updated documentation where necessary.
  • No new console.log or debug statements left in the code.
  • Breaking changes are documented in this PR description.

Screenshots / Recordings

N/A — backend bug fix with no UI changes.


Additional Context

The rename from parseGoogleState to parseOAuthState is a non-breaking change —
the function is private to this module (not exported) and has exactly one call site,
which is updated in the same commit. No other files reference this function. The
randomBytes import is the more critical of the two fixes since it represents a
guaranteed runtime crash on every connect attempt — the rename is a correctness and
maintainability fix on top of that.

Please add the appropriate labels so that I can get GSSoC points.

randomBytes was used in generateState() without being imported from
crypto, causing a ReferenceError crash on any GET /connect/github request.
Also renamed parseGoogleState to parseOAuthState since the function is
exclusively used in the GitHub connect flow — Google connect does not
exist in this file.

Closes Dev-Card#178
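
As an added illustration (not code from this PR or from the Dev-Card repository), here is one way a generateState() / parseOAuthState() pair for an OAuth connect flow can be written in TypeScript. The state layout, the HMAC signature, the `secret` parameter and the 10-minute lifetime are assumptions, since the page does not show connect.ts.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';

// Hypothetical sketch: the PR page does not show connect.ts, so the state
// layout, the HMAC and the 10-minute lifetime below are all assumptions.
const STATE_TTL_MS = 10 * 60 * 1000;

interface OAuthState {
  userId: string;
  nonce: string;
  issuedAt: number;
}

function sign(payload: string, secret: string): string {
  return createHmac('sha256', secret).update(payload).digest('base64url');
}

// Build the `state` value sent along with the redirect to the provider.
function generateState(userId: string, secret: string, now: number = Date.now()): string {
  // 16 random bytes make each state unique and unguessable.
  const body: OAuthState = { userId, nonce: randomBytes(16).toString('hex'), issuedAt: now };
  const payload = Buffer.from(JSON.stringify(body)).toString('base64url');
  return `${payload}.${sign(payload, secret)}`;
}

// Verify and decode the `state` echoed back to the callback; null means reject.
function parseOAuthState(state: string, secret: string, now: number = Date.now()): OAuthState | null {
  const dot = state.indexOf('.');
  if (dot < 0) return null;
  const payload = state.slice(0, dot);
  const given = Buffer.from(state.slice(dot + 1));
  const expected = Buffer.from(sign(payload, secret));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const body = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof body.userId !== 'string' || typeof body.nonce !== 'string') return null;
    if (typeof body.issuedAt !== 'number') return null;
    // Reject states that are expired or claim to come from the future.
    if (body.issuedAt > now || now - body.issuedAt > STATE_TTL_MS) return null;
    return { userId: body.userId, nonce: body.nonce, issuedAt: body.issuedAt };
  } catch {
    return null; // payload was not valid JSON
  }
}
```

If the `randomBytes` import is dropped from a file like this, the module still loads and the failure only appears when generateState() is called, which matches the runtime ReferenceError described in the PR.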
Contributor

@ShantKhatri ShantKhatri left a comment

LGTM.

Signed-off-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
@ShantKhatri ShantKhatri merged commit f414719 into Dev-Card:main May 21, 2026
1 check failed
@Harxhit Harxhit added gssoc:approved Required label for every approved PR. Gives the base +50 points and enables contribution tracking. level:advanced Complex contribution involving deeper technical work. (+55 pts) quality:clean PR is well-structured, readable, and follows good practices. (×1.2 multiplier) type:security Security-related fixes/improvements (+20 pts) type:bug Bug fixes (+10 pts) labels May 21, 2026

Development

Successfully merging this pull request may close these issues.

[bug] connect.ts uses randomBytes without importing it, and parseGoogleState is misnamed for a GitHub-only flow

3 participants