Merge branch 'main' into fix-footer-placeholder-links

Author: mehul-m-prajapati

.github/workflows/auto-label-gssoc.yml

@@ -27,4 +27,5 @@ jobs:
         labels: |
             level:intermediate
             quality:clean
+            type:accessibility
             gssoc:approved

CONTRIBUTING.md

@@ -1,130 +1,130 @@
-# 🌟 Contributing to GitHub Tracker
+   # 🌟 Contributing to GitHub Tracker
 
-Thank you for showing interest in **GitHub Tracker**! 🚀  
-Whether you're here to fix a bug, propose an enhancement, or add a new feature, we’re thrilled to welcome you aboard. Let’s build something awesome together!
+   Thank you for showing interest in **GitHub Tracker**! 🚀  
+   Whether you're here to fix a bug, propose an enhancement, or add a new feature, we’re thrilled to welcome you aboard. Let’s build something awesome together!
 
-<br>
+   <br>
 
-## 🧑‍⚖️ Code of Conduct
+   ## 🧑‍⚖️ Code of Conduct
 
-Please make sure to read and adhere to our [Code of Conduct](https://github.com/GitMetricsLab/github_tracker/CODE_OF_CONDUCT.md) before contributing. We aim to foster a respectful and inclusive environment for everyone.
+   Please make sure to read and adhere to our [Code of Conduct](https://github.com/GitMetricsLab/github_tracker/CODE_OF_CONDUCT.md) before contributing. We aim to foster a respectful and inclusive environment for everyone.
 
-<br>
+   <br>
 
-## 🛠 Project Structure
+   ## 🛠 Project Structure
 
-```bash
-github_tracker/
-├── backend/                  # Node.js + Express backend
-│   ├── routes/               # API routes
-│   ├── controllers/          # Logic handlers
-│   └── index.js              # Entry point for server
-│
-├── frontend/                 # React + Vite frontend
-│   ├── components/           # Reusable UI components
-│   ├── pages/                # Main pages/routes
-│   └── main.jsx              # Root file
-│
-├── public/                   # Static assets like images
-│
-├── .gitignore
-├── README.md
-├── package.json
-├── tailwind.config.js
-└── CONTRIBUTING.md
-```
+   ```bash
+   github_tracker/
+   ├── backend/                  # Node.js + Express backend
+   │   ├── routes/               # API routes
+   │   ├── controllers/          # Logic handlers
+   │   └── index.js              # Entry point for server
+   │
+   ├── frontend/                 # React + Vite frontend
+   │   ├── components/           # Reusable UI components
+   │   ├── pages/                # Main pages/routes
+   │   └── main.jsx              # Root file
+   │
+   ├── public/                   # Static assets like images
+   │
+   ├── .gitignore
+   ├── README.md
+   ├── package.json
+   ├── tailwind.config.js
+   └── CONTRIBUTING.md
+   ```
 
----
+   ---
 
-## 🤝 How to Contribute
+   ## 🤝 How to Contribute
 
-### 🧭 First-Time Contribution Steps
+   ### 🧭 First-Time Contribution Steps
 
-1. **Fork the Repository** 🍴  
-   Click "Fork" to create your own copy under your GitHub account.
+   1. **Fork the Repository** 🍴  
+      Click "Fork" to create your own copy under your GitHub account.
 
-2. **Clone Your Fork** 📥  
-   ```bash
-   git clone https://github.com/<your-username>/github_tracker.git
-   ```
+   2. **Clone Your Fork** 📥  
+      ```bash
+      git clone https://github.com/<your-username>/github_tracker.git
+      ```
 
-3. **Navigate to the Project Folder** 📁  
-   ```bash
-   cd github_tracker
-   ```
+   3. **Navigate to the Project Folder** 📁  
+      ```bash
+      cd github_tracker
+      ```
 
-4. **Create a New Branch** 🌿  
-   ```bash
-   git checkout -b your-feature-name
-   ```
+   4. **Create a New Branch** 🌿  
+      ```bash
+      git checkout -b your-feature-name
+      ```
 
-5. **Make Your Changes** ✍  
-   After modifying files, stage and commit:
+   5. **Make Your Changes** ✍  
+      After modifying files, stage and commit:
 
-   ```bash
-   git add .
-   git commit -m "✨ Added [feature/fix]: your message"
-   ```
+      ```bash
+      git add .
+      git commit -m "✨ Added [feature/fix]: your message"
+      ```
 
-6. **Push Your Branch to GitHub** 🚀  
-   ```bash
-   git push origin your-feature-name
-   ```
+   6. **Push Your Branch to GitHub** 🚀  
+      ```bash
+      git push origin your-feature-name
+      ```
 
-7. **Open a Pull Request** 🔁  
-   Go to the original repo and click **Compare & pull request**.
-   
----
+   7. **Open a Pull Request** 🔁  
+      Go to the original repo and click **Compare & pull request**.
+      
+   ---
 
-## 🚦 Pull Request Guidelines
+   ## 🚦 Pull Request Guidelines
 
-### **Split Big Changes into Multiple Commits**
-- When making large or complex changes, break them into smaller, logical commits. 
-- Each commit should represent a single purpose or unit of change (e.g. refactoring, adding a feature, fixing a bug).
----
-- ✅ Ensure your code builds and runs without errors.
-- 🧪 Include tests where applicable.
-- 💬 Add comments if the logic is non-trivial.
-- 📸 Attach screenshots for UI-related changes.
-- 🔖 Use meaningful commit messages and titles.
+   ### **Split Big Changes into Multiple Commits**
+   - When making large or complex changes, break them into smaller, logical commits. 
+   - Each commit should represent a single purpose or unit of change (e.g. refactoring, adding a feature, fixing a bug).
+   ---
+   - ✅ Ensure your code builds and runs without errors.
+   - 🧪 Include tests where applicable.
+   - 💬 Add comments if the logic is non-trivial.
+   - 📸 Attach screenshots for UI-related changes.
+   - 🔖 Use meaningful commit messages and titles.
 
----
+   ---
 
-## 🐞 Reporting Issues
+   ## 🐞 Reporting Issues
 
-If you discover a bug or have a suggestion:
+   If you discover a bug or have a suggestion:
 
-➡️ [Open an Issue](https://github.com/GitMetricsLab/github_tracker/issues/new/choose)
+   ➡️ [Open an Issue](https://github.com/GitMetricsLab/github_tracker/issues/new/choose)
 
-Please include:
+   Please include:
 
-- **Steps to Reproduce**
-- **Expected vs. Actual Behavior**
-- **Screenshots/Logs (if any)**
+   - **Steps to Reproduce**
+   - **Expected vs. Actual Behavior**
+   - **Screenshots/Logs (if any)**
 
----
+   ---
 
-## 🧠 Good Coding Practices
+   ## 🧠 Good Coding Practices
 
-1. **Consistent Style**  
-   Stick to the project's linting and formatting conventions (e.g., ESLint, Prettier, Tailwind classes).
+   1. **Consistent Style**  
+      Stick to the project's linting and formatting conventions (e.g., ESLint, Prettier, Tailwind classes).
 
-2. **Meaningful Naming**  
-   Use self-explanatory names for variables and functions.
+   2. **Meaningful Naming**  
+      Use self-explanatory names for variables and functions.
 
-3. **Avoid Duplication**  
-   Keep your code DRY (Don't Repeat Yourself).
+   3. **Avoid Duplication**  
+      Keep your code DRY (Don't Repeat Yourself).
 
-4. **Testing**  
-   Add unit or integration tests for any new logic.
+   4. **Testing**  
+      Add unit or integration tests for any new logic.
 
-5. **Review Others’ PRs**  
-   Help others by reviewing their PRs too!
+   5. **Review Others’ PRs**  
+      Help others by reviewing their PRs too!
 
----
+   ---
 
-## 🙌 Thank You!
+   ## 🙌 Thank You!
 
-We’re so glad you’re here. Your time and effort are deeply appreciated. Feel free to reach out via Issues or Discussions if you need any help.
+   We’re so glad you’re here. Your time and effort are deeply appreciated. Feel free to reach out via Issues or Discussions if you need any help.
 
-**Happy Coding!** 💻🚀  
+   **Happy Coding!** 💻🚀  

backend/config/passportConfig.js

@@ -9,12 +9,13 @@ passport.use(
             try {
                 const user = await User.findOne( {email} );
                 if (!user) {
-                    return done(null, false, { message: 'Email is invalid '});
+                    // Generic message prevents user enumeration
+                    return done(null, false, { message: 'Invalid credentials' });
                 }
 
                 const isMatch = await user.comparePassword(password);
                 if (!isMatch) {
-                    return done(null, false, { message: 'Invalid password' });
+                    return done(null, false, { message: 'Invalid credentials' });
                 }
 
                 return done(null, {
@@ -34,10 +35,10 @@ passport.serializeUser((user, done) => {
     done(null, user.id);
 });
 
-// Deserialize user (retrieve user from session)
+// Deserialize user — exclude password hash from req.user on every request
 passport.deserializeUser(async (id, done) => {
     try {
-        const user = await User.findById(id);
+        const user = await User.findById(id).select('-password');
         done(null, user);
     } catch (err) {
         done(err, null);

backend/package.json

@@ -17,6 +17,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.21.1",
+    "express-rate-limit": "^7.5.1",
     "express-session": "^1.18.1",
     "mongoose": "^8.8.2",
     "passport": "^0.7.0",

backend/routes/auth.js

@@ -26,13 +26,29 @@ router.post("/signup", validateRequest(signupSchema), async (req, res) => {
             return res.status(400).json({ message: 'User already exists' });
         }
 
-        res.status(500).json({ message: 'Error creating user', error: err.message });
+        res.status(500).json({ message: 'Error creating user' });
     }
 });
 
-// Login route
-router.post("/login", validateRequest(loginSchema), passport.authenticate('local'), (req, res) => {
-    res.status(200).json( { message: 'Login successful', user: req.user } );
+// Login route — session is regenerated after successful authentication
+// to prevent session fixation; only safe fields returned in the response
+router.post("/login", validateRequest(loginSchema), (req, res, next) => {
+    passport.authenticate('local', (err, user, info) => {
+        if (err) return next(err);
+        if (!user) return res.status(401).json({ message: info?.message || 'Invalid credentials' });
+
+        req.session.regenerate((regenerateErr) => {
+            if (regenerateErr) return next(regenerateErr);
+
+            req.logIn(user, (loginErr) => {
+                if (loginErr) return next(loginErr);
+                res.status(200).json({
+                    message: 'Login successful',
+                    user: { id: user.id, username: user.username, email: user.email },
+                });
+            });
+        });
+    })(req, res, next);
 });
 
 // Logout route
@@ -41,7 +57,7 @@ router.get("/logout", (req, res) => {
     req.logout((err) => {
 
         if (err)
-            return res.status(500).json({ message: 'Logout failed', error: err.message });
+            return res.status(500).json({ message: 'Logout failed' });
         else
             res.status(200).json({ message: 'Logged out successfully' });
     });

backend/server.js

@@ -3,6 +3,7 @@ const mongoose = require('mongoose');
 const session = require('express-session');
 const passport = require('passport');
 const bodyParser = require('body-parser');
+const rateLimit = require('express-rate-limit');
 require('dotenv').config();
 const cors = require('cors');
 
@@ -26,6 +27,19 @@ app.use(session({
 app.use(passport.initialize());
 app.use(passport.session());
 
+// Rate limiting — 10 attempts per 15-minute window per IP on auth endpoints
+const authLimiter = rateLimit({
+    windowMs: 15 * 60 * 1000,
+    max: 10,
+    standardHeaders: true,
+    legacyHeaders: false,
+    message: { message: 'Too many attempts, please try again after 15 minutes.' },
+    skipSuccessfulRequests: true,
+});
+
+app.use('/api/auth/login', authLimiter);
+app.use('/api/auth/signup', authLimiter);
+
 // Routes
 const authRoutes = require('./routes/auth');
 app.use('/api/auth', authRoutes);

package.json

@@ -1,5 +1,5 @@
 {
-  "name": "GitHub Tracker",
+  "name": "github-tracker",
   "private": true,
   "version": "0.0.0",
   "type": "module",