Implement JWT and Redis-based token security #14
Conversation
/gemini review
Code Review
This pull request introduces a robust security enhancement by replacing client-side token storage with a Redis-backed session store and short-lived JWTs. The implementation is well-structured, with new packages for JWT handling and a Redis client, along with new API endpoints for token verification and refresh. My review focuses on improving code reuse, adhering to the style guide by removing magic strings, and increasing the overall robustness and testability of the new components.
84c9e35 to 3f270a1 (Compare)
/gemini review
Code Review
This pull request introduces a robust security enhancement by replacing client-side token storage with a Redis-backed session management system using short-lived JWTs. The implementation is solid, with new endpoints for token verification and renewal. My review focuses on improving the robustness of client initializations, reducing code duplication in the new API handlers, and making a minor refinement for code conciseness, all in line with the repository's style guide.
3f270a1 to a2660cb (Compare)
/gemini review
Code Review
This pull request introduces a robust security enhancement by replacing client-side GitHub token storage with a server-side session management system using Redis and JWTs. The implementation is well-structured, with clear separation of concerns into new packages for JWT handling, Redis interaction, and authentication middleware. The code is clean, follows good security practices for token handling, and improves the overall architecture. I have one suggestion to further improve code maintainability by leveraging the Go standard library.
a2660cb to 63ff3e3 (Compare)
/gemini review
Code Review
This pull request introduces a robust token-based security mechanism using JWTs and Redis, which is a great improvement for security. The implementation is solid, with new packages for JWT management, a Redis client, and authentication logic. My review focuses on improving code clarity, design, and efficiency in a few areas. Key suggestions include refining error handling in JWT validation, improving the design of the authentication helper function to better separate concerns, and making the Redis client usage more efficient. These changes will enhance the maintainability and performance of the new authentication system.
63ff3e3 to 2f5c624 (Compare)
/gemini review
Code Review
This pull request introduces a robust security enhancement by moving from client-side token storage to a server-side session management system using Redis and JWTs. The implementation is well-structured, with clear separation of concerns into new packages for JWT handling, Redis interaction, and authentication middleware. The new API endpoints for /callback, /verify, and /refresh correctly implement the new authentication flow. My review includes suggestions to improve error handling for more precise client feedback, enhance testability by refactoring away from global singletons, and improve code clarity by removing magic numbers, in line with the repository's style guide.
GitHub OAuth Apps lack refresh tokens, forcing client-side token storage which creates security vulnerabilities. Now store GitHub tokens in Redis and issue short-lived JWTs (2h) to clients instead.

- Add JWT auth with 2-hour expiration (pkg/jwt/)
- Add Upstash Redis client for 30-day session storage (pkg/redis/)
- Update /api/callback to store tokens in Redis and return JWT
- Add /api/verify to exchange JWT for GitHub token
- Add /api/refresh to renew JWT without re-authentication

Token theft damage now limited to 2-hour window instead of permanent access.

fix #9
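The flow in the commit message above, as an added example that is not the project's own code. It assumes HS256 JWTs over a shared server secret (the PR does not state the algorithm), an in-memory map standing in for the Upstash Redis store (one entry per session ID, expiring after 30 days as a Redis key set with a TTL would), and the three endpoints modelled as methods: Callback for /api/callback, Verify for /api/verify and Refresh for /api/refresh. The clock is injectable so that both expiry windows can be exercised offline; the GitHub token value used below is a constructed sample.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

const jwtTTL, sessionTTL = 2 * time.Hour, 30 * 24 * time.Hour // client JWT lifetime; server-side session lifetime

var ErrBadToken = errors.New("invalid JWT")
var ErrExpired = errors.New("JWT expired")
var ErrNoSession = errors.New("session not found or expired")

// Claims carried in the JWT: an opaque session ID and an expiry. The GitHub token itself never leaves the server.
type Claims struct {
	SID string `json:"sid"`
	Exp int64  `json:"exp"`
}

type session struct {
	githubToken string
	expiresAt   time.Time
}

// Auth holds the HMAC key, an in-memory stand-in for the Redis store (assumption: one entry per session ID,
// expiring after sessionTTL) and an injectable clock so that expiry can be tested.
type Auth struct {
	Secret   []byte
	Sessions map[string]session
	Now      func() time.Time
}

func (a *Auth) sign(msg string) string {
	m := hmac.New(sha256.New, a.Secret)
	m.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// issueJWT mints an HS256 JWT that expires jwtTTL after now.
func (a *Auth) issueJWT(sid string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, _ := json.Marshal(Claims{SID: sid, Exp: a.Now().Add(jwtTTL).Unix()})
	msg := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	return msg + "." + a.sign(msg)
}

// parseJWT checks the signature in constant time before decoding anything, then enforces exp. The MAC is
// recomputed with our own key and algorithm, so a header claiming "alg":"none" is just a bad signature.
func (a *Auth) parseJWT(tok string) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(a.sign(p[0]+"."+p[1])), []byte(p[2])) {
		return nil, ErrBadToken
	}
	var c Claims
	if raw, err := base64.RawURLEncoding.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || c.SID == "" {
		return nil, ErrBadToken
	}
	if a.Now().Unix() >= c.Exp {
		return nil, ErrExpired
	}
	return &c, nil
}

// Callback models /api/callback after the OAuth code exchange: the GitHub token is stored server-side
// under a random, unguessable session ID and the client receives only a JWT.
func (a *Auth) Callback(githubToken string) (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	sid := base64.RawURLEncoding.EncodeToString(b[:])
	a.Sessions[sid] = session{githubToken: githubToken, expiresAt: a.Now().Add(sessionTTL)}
	return a.issueJWT(sid), nil
}

// Verify models /api/verify: a valid, unexpired JWT with a live session is exchanged for the GitHub token.
// A session past its TTL is treated as absent, as in Redis; deleting the entry is also how a session is revoked.
func (a *Auth) Verify(tok string) (string, error) {
	c, err := a.parseJWT(tok)
	if err != nil {
		return "", err
	}
	s, ok := a.Sessions[c.SID]
	if !ok || a.Now().After(s.expiresAt) {
		return "", ErrNoSession
	}
	return s.githubToken, nil
}

// Refresh models /api/refresh: the checks of Verify, then a fresh 2-hour JWT for the same session, so no new
// GitHub OAuth round trip is needed.
func (a *Auth) Refresh(tok string) (string, error) {
	if _, err := a.Verify(tok); err != nil {
		return "", err
	}
	c, _ := a.parseJWT(tok) // cannot fail: Verify just accepted it
	return a.issueJWT(c.SID), nil
}
```

Two points a reviewer would check against this shape. First, the three error values are distinct on purpose: a client can retry /api/refresh on ErrExpired but must restart OAuth on ErrNoSession, and ErrBadToken should never be retried. Second, because Refresh accepts any unexpired JWT, a JWT stolen inside its 2-hour window can be renewed until the session entry is deleted or reaches its 30-day TTL; the hard 2-hour bound only holds for tokens that are not refreshed, so session revocation (deleting the Redis key) is what bounds damage after a known theft.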
2f5c624 to fe06786 (Compare)