Skip to content

Fix #47: Add requireAuth to GitHub heatmap API route#23

Open
tmdeveloper007 wants to merge 1 commit into
mainfrom
47-heatmap-api-auth
Open

Fix #47: Add requireAuth to GitHub heatmap API route#23
tmdeveloper007 wants to merge 1 commit into
mainfrom
47-heatmap-api-auth

Conversation

@tmdeveloper007

Copy link
Copy Markdown
Owner

Summary

Adds requireAuth to the GET /api/github/heatmap endpoint. This route calls the GitHub GraphQL API using a server-side token. Without authentication, any unauthenticated caller can enumerate GitHub usernames and consume the app rate-limit budget.

Changes

  • Added requireAuth from @/lib/middleware
  • Wrapped GET handler with auth check and proper HttpError handling

Testing

  • Type check and lint pass
  • CI runs on this PR

Closes nisshchayarathi#47

The heatmap endpoint calls the GitHub GraphQL API using a server-side token.
Without authentication, any unauthenticated caller can enumerate GitHub usernames
and consume the app's rate-limit budget. Adds requireAuth to enforce that
only authenticated users can access this endpoint.

Fixes nisshchayarathi#47
@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

🎉 Thanks for your contribution, @tmdeveloper007!

Your PR has passed our automated GSSoC quality checks. Here's a quick summary:

Check Status
PR description ✅ Provided
PR title ✅ Meaningful
Linked issue ✅ Found
Change size ✅ Looks good (10 lines across 1 file(s))

A maintainer will review your PR soon. Please be patient and available for feedback. 💪

GSSoC'26 automation · Maintainer: @nisshchayarathi

@github-actions github-actions Bot added the GSSoC'26 Part of GirlScript Summer of Code 2026 label Jul 4, 2026
@tmdeveloper007

Copy link
Copy Markdown
Owner Author

CI update: Lint, verify, and schema validation all passing. Type Check shows pre-existing failures that match the main branch. Ready for maintainer review and merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

GSSoC'26 Part of GirlScript Summer of Code 2026

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fix inconsistent auth guard usage across API routes

1 participant