fix(api): validate GitHub usernames before downstream API requests #1852

Merged
JhaSourav07 merged 1 commit into JhaSourav07:main from ArnavJoshi6391:main
May 30, 2026
@ArnavJoshi6391
Contributor

Description

Fixes #1782

This PR fixes an issue where the /api/github endpoint accepted malformed GitHub usernames and allowed them to reach the GitHub API layer, resulting in downstream fetch errors instead of validation failures.

Changes Made

  • Added GitHub username validation to githubParamsSchema
  • Rejects usernames containing invalid characters
  • Rejects whitespace-only usernames
  • Rejects usernames exceeding GitHub's maximum length limit
  • Added regression tests covering all of the above scenarios

Validation

Verified that invalid usernames now return a 400 Bad Request response during request validation rather than triggering downstream GitHub API errors.

Pillar

  • 🎨 Pillar 1 — New Theme Design
  • 📐 Pillar 2 — Geometric SVG Improvement
  • 🕐 Pillar 3 — Timezone Logic Optimization
  • 🛠️ Other (Bug fix, refactoring, docs)

Visual Preview

N/A (API validation bug fix)

Checklist before requesting a review:

  • I have read the CONTRIBUTING.md file.
  • I have tested these changes locally (localhost:3000/api/github?username=octocat and invalid username cases).
  • I have run npm run lint locally and resolved all errors related to my changes.
  • My commits follow the Conventional Commits format (e.g., feat(themes): ..., fix(calculate): ...).
  • I have updated README.md if I added a new theme or URL parameter.
  • I have starred the repo.
  • I have made sure that I have only one commit to merge in this PR.
  • The SVG output matches the CommitPulse "premium quality" aesthetic standard (not applicable).
  • (Recommended) I joined the CommitPulse Discord community for contributor discussions, mentorship, and faster PR support.
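
A sketch of the validate-before-fetch behaviour described in this PR, added here as an illustration and not the PR's or CommitPulse's own code. `validateGithubUsername` and `planGithubRequest` are hypothetical names, the rules encoded are GitHub's login constraints (at most 39 characters, alphanumerics and single hyphens, no leading or trailing hyphen), and the upstream URL is an assumed stand-in for the route's downstream call.

```typescript
// Added example: validateGithubUsername and planGithubRequest are hypothetical
// names, not taken from the CommitPulse code base.

// GitHub login rules: 1-39 characters, ASCII letters/digits or single hyphens,
// no leading or trailing hyphen, no consecutive hyphens.
const GITHUB_USERNAME_MAX = 39;
const GITHUB_USERNAME_RE = /^[A-Za-z0-9](?:-?[A-Za-z0-9])*$/;

type Validation =
  | { ok: true; username: string }
  | { ok: false; reason: string };

function validateGithubUsername(raw: unknown): Validation {
  if (typeof raw !== "string") {
    return { ok: false, reason: "username is required" };
  }
  if (raw.trim().length === 0) {
    return { ok: false, reason: "username must not be empty or whitespace" };
  }
  // Length is checked before the pattern so oversized input is rejected cheaply.
  if (raw.length > GITHUB_USERNAME_MAX) {
    return { ok: false, reason: `username exceeds ${GITHUB_USERNAME_MAX} characters` };
  }
  if (!GITHUB_USERNAME_RE.test(raw)) {
    return { ok: false, reason: "username contains invalid characters" };
  }
  return { ok: true, username: raw };
}

type Plan =
  | { status: 400; error: string }
  | { status: 200; upstreamUrl: string };

// Decide what the route does before any network call is made: a rejected
// username yields a 400 and never reaches URL construction.
function planGithubRequest(query: { username?: unknown }): Plan {
  const result = validateGithubUsername(query.username);
  if (result.ok === false) {
    return { status: 400, error: result.reason };
  }
  // Assumed upstream endpoint; the value is still encoded as defence in depth.
  const path = encodeURIComponent(result.username);
  return { status: 200, upstreamUrl: `https://api.github.com/users/${path}` };
}

// Constructed sample inputs covering the cases listed in the PR description.
const sampleInputs: unknown[] = ["octocat", "   ", "a".repeat(40), "bad/name", "-lead", "a--b", undefined];
for (const input of sampleInputs) {
  console.log(JSON.stringify(input), "->", JSON.stringify(planGithubRequest({ username: input })));
}
```

Because the allow-list pattern admits only letters, digits and single hyphens, characters that could alter the downstream request path or query never reach the URL template.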

@vercel
Contributor

vercel Bot commented May 30, 2026

@ArnavJoshi6391 is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added the needs-rebase This PR has merge conflicts and needs a rebase. label May 30, 2026
@github-actions

⚠️ Hey @ArnavJoshi6391, this PR has merge conflicts with the main branch.

Please pull the latest changes and resolve the conflicts so we can review it!

git fetch origin
git rebase origin/main
# resolve any conflicts, then:
git push --force-with-lease

Once resolved, the needs-rebase label will be removed automatically on the next check. 🙌

@github-actions github-actions Bot added status:blocked This PR is blocked due to a failing CI check. and removed needs-rebase This PR has merge conflicts and needs a rebase. labels May 30, 2026
@github-actions
Copy link
Copy Markdown

🚨 Hey @ArnavJoshi6391, the CI Pipeline is failing on this PR and it has been marked as status:blocked.

Please fix the issues before this can be reviewed. Here's how:

1. Run checks locally before pushing:

npm run format:check   # Check Prettier formatting
npm run lint           # Run ESLint
npm run typecheck      # TypeScript type check
npm run test           # Run unit tests (Vitest)
npm run build          # Verify production build passes

2. Auto-fix common issues:

npm run format         # Auto-fix formatting with Prettier
npm run lint -- --fix  # Auto-fix lint errors where possible

3. Check the full failure log here:
👉 View CI Run

Once you push a fix and the CI passes, the status:blocked label will be removed automatically. 💪

@github-actions github-actions Bot added the type:bug Something isn't working as expected label May 30, 2026
Collaborator

@Aamod007 Aamod007 left a comment

This PR has unresolved merge conflict markers (<<<<<<< HEAD, =======, >>>>>>>) in app/api/github/route.test.ts (lines 32-67). Please resolve all conflicts before requesting review.

@ArnavJoshi6391
Contributor Author

Hi @Aamod007 ! I've rebased onto the latest upstream main, resolved the merge conflicts, and force-pushed commit bec83a9.

I also verified that app/api/github/route.test.ts no longer contains any conflict markers (<<<<<<<, =======, >>>>>>>).

The current failing check-conflicts workflow appears to be failing due to a GitHub API rate-limit error (HTTP 403) rather than unresolved conflicts. Could you please re-check the latest revision when convenient? Thanks!

@github-actions

⚠️ Hey @ArnavJoshi6391, this PR has merge conflicts with the main branch.

Please pull the latest changes and resolve the conflicts so we can review it!

git fetch origin
git rebase origin/main
# resolve any conflicts, then:
git push --force-with-lease

Once resolved, the needs-rebase label will be removed automatically on the next check. 🙌

@github-actions github-actions Bot removed the status:blocked This PR is blocked due to a failing CI check. label May 30, 2026
@github-actions

⚠️ Hey @ArnavJoshi6391, this PR has merge conflicts with the main branch.

Please pull the latest changes and resolve the conflicts so we can review it!

git fetch origin
git rebase origin/main
# resolve any conflicts, then:
git push --force-with-lease

Once resolved, the needs-rebase label will be removed automatically on the next check. 🙌

@ArnavJoshi6391
Contributor Author

Hi @JhaSourav07 ,

I wanted to bring this to your attention regarding PR #1852.

I rebased my branch onto the latest upstream/main, resolved the merge conflicts locally, and force-pushed the updated commit (bec83a9).

I verified that:

  • app/api/github/route.test.ts no longer contains any conflict markers (<<<<<<<, =======, >>>>>>>)
  • the PR now contains only a single commit
  • the branch is rebased on the latest upstream main

However, the PR is still being automatically labeled with needs-rebase, and the conflict-check workflow appears to be failing due to a GitHub API rate-limit error (HTTP 403) rather than an actual merge conflict.

I also noticed several other open PRs currently have the same needs-rebase label, so I wanted to check whether there might be an issue with the automation.

Could you please take a look when you have a moment?

@JhaSourav07
Owner

Hey @ArnavJoshi6391,

app/api/github/route.test.ts

this file has the conflict to resolve

@github-actions

⚠️ Hey @ArnavJoshi6391, this PR has merge conflicts with the main branch.

Please pull the latest changes and resolve the conflicts so we can review it!

git fetch origin
git rebase origin/main
# resolve any conflicts, then:
git push --force-with-lease

Once resolved, the needs-rebase label will be removed automatically on the next check. 🙌

@github-actions github-actions Bot added status:blocked This PR is blocked due to a failing CI check. and removed needs-rebase This PR has merge conflicts and needs a rebase. labels May 30, 2026
@github-actions github-actions Bot removed the status:blocked This PR is blocked due to a failing CI check. label May 30, 2026
@ArnavJoshi6391
Contributor Author

Hey @JhaSourav07 , thanks for pointing out the conflict earlier. I've rebased against the latest main, resolved the issues, and all required checks are passing now. The PR is ready for its final evolution into a merged commit 🚀🙌

@JhaSourav07 JhaSourav07 merged commit c01f36d into JhaSourav07:main May 30, 2026
4 of 5 checks passed
@github-actions

🎉 Congratulations @ArnavJoshi6391! Your PR has been successfully merged. 🚀

Thank you for contributing to CommitPulse. Your work helps us build a better tool for the community.

⚠️ Important for GSSoC Contributors:
You are strictly advised to join our Discord Server as it is mandatory for all GSSoC participants. All important announcements, point claims, and community discussions happen there.

Keep building! 💻✨

@JhaSourav07 JhaSourav07 added GSSoC 2026 level:beginner Small changes Usually isolated fixes or simple UI/text updates. quality:exceptional Outstanding contribution with exceptional implementation quality, testing. gssoc:approved PR has been reviewed and accepted for valid contribution points mentor:Aamod007 labels May 30, 2026
@github-actions github-actions Bot added this to the GSSoC 2026 milestone May 30, 2026

Development

Successfully merging this pull request may close these issues.

bug: /api/github accepts invalid GitHub usernames and returns downstream fetch errors