Description
Currently, the GitHub Personal Access Token (PAT) is read directly from .env.local, and nothing in the code prevents it from being exposed in serverless deployments (for example through logs or a client-side bundle). In addition, GraphQL requests to GitHub are made without any throttling, caching, or request deduplication.
This creates multiple critical issues:
API rate limit exhaustion under traffic
Potential token misuse in public deployments
Repeated unnecessary GraphQL calls for the same user
Lack of caching leading to performance degradation
Steps to Reproduce
Clone the repository and set up the project locally or deploy it on Vercel.
Add a valid GitHub Personal Access Token in .env.local.
Make multiple requests to:
/api/streak?user=<github_username>
Observe repeated GitHub GraphQL API calls for each request.
Check logs/network tab → same data is fetched repeatedly without caching or throttling.
Expected Behavior
The GitHub PAT should remain strictly server-side and never be exposed to client-side bundles or logs.
GraphQL requests should be throttled and deduplicated for repeated users within a short time window.
Repeated requests for the same user should return a cached response instead of hitting the GitHub API every time.
The API should handle GitHub rate limits gracefully (fallback response or cached data) instead of failing.
The system should prevent unnecessary GitHub API usage in production deployments.
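The behaviour described above (PAT kept server-side, per-user deduplication, a TTL cache, and a stale-data fallback when GitHub rate-limits the token), as an added example that is not the project's own code. It is a small service the `/api/streak` route handler could delegate to. The GraphQL query text, the `GITHUB_PAT` variable name, the header names and the TTL values are assumptions; the GitHub client is injected so the file runs offline against a constructed stub instead of the real API.

```javascript
// Added example, not the project's code: server-side wrapper for /api/streak.
// Keeps the PAT out of responses and logs, deduplicates concurrent GraphQL calls
// per user, caches for a TTL, and serves stale data when GitHub rate-limits us.
// Query text, GITHUB_PAT name and TTLs are assumptions; fetchGraphQL is injected.

const FRESH_TTL_MS = 5 * 60 * 1000;   // answer from cache without calling GitHub
const STALE_MAX_MS = 60 * 60 * 1000;  // oldest cached entry still usable as a rate-limit fallback
const LOGIN_RE = /^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$/; // GitHub login syntax

const STREAK_QUERY = `query($login: String!) {
  user(login: $login) {
    contributionsCollection { contributionCalendar { totalContributions } }
  }
}`;

class RateLimitError extends Error {
  constructor(resetAt) { super('GitHub rate limit exhausted'); this.resetAt = resetAt; }
}
class BadRequestError extends Error {}

function createStreakService({ fetchGraphQL, getToken = () => process.env.GITHUB_PAT,
                               now = Date.now, freshTtlMs = FRESH_TTL_MS, staleMaxMs = STALE_MAX_MS }) {
  const cache = new Map();    // login -> { data, fetchedAt }
  const inflight = new Map(); // login -> Promise shared by every concurrent caller

  async function fetchFresh(login, cached) {
    const token = getToken(); // read server-side only; never placed in a response or log line
    if (!token) throw new Error('GITHUB_PAT is not configured');
    try {
      const data = await fetchGraphQL(token, STREAK_QUERY, { login });
      cache.set(login, { data, fetchedAt: now() });
      return { data, source: 'upstream' };
    } catch (err) {
      // Rate limited: degrade to the last good answer if it is not too old
      if (err instanceof RateLimitError && cached && now() - cached.fetchedAt < staleMaxMs) {
        return { data: cached.data, source: 'stale' };
      }
      throw err;
    }
  }

  function getStreak(login) {
    if (typeof login !== 'string' || !LOGIN_RE.test(login)) {
      return Promise.reject(new BadRequestError('invalid GitHub login'));
    }
    const cached = cache.get(login);
    if (cached && now() - cached.fetchedAt < freshTtlMs) {
      return Promise.resolve({ data: cached.data, source: 'cache' });
    }
    if (inflight.has(login)) return inflight.get(login); // dedupe: one upstream call per user at a time
    const p = fetchFresh(login, cached).finally(() => inflight.delete(login));
    inflight.set(login, p);
    return p;
  }

  // What the route sends back for ?user=<login>: never the token, never raw upstream error text
  async function handle(login) {
    try {
      const { data, source } = await getStreak(login);
      return { status: 200, headers: { 'Cache-Control': 'public, s-maxage=300', 'X-Cache': source }, body: data };
    } catch (err) {
      if (err instanceof BadRequestError) return { status: 400, headers: {}, body: { error: err.message } };
      if (err instanceof RateLimitError) {
        const retry = err.resetAt ? Math.max(1, Math.ceil((err.resetAt - now()) / 1000)) : 60;
        return { status: 503, headers: { 'Retry-After': String(retry) }, body: { error: 'GitHub rate limit reached' } };
      }
      console.error('streak upstream failure:', err.message); // message only, the token is not in it
      return { status: 502, headers: {}, body: { error: 'upstream request failed' } };
    }
  }

  return { getStreak, handle };
}

// Constructed stub standing in for the GitHub GraphQL endpoint, so nothing leaves the machine
function makeStubGitHub() {
  const calls = [];
  let resetAt = null; // null = healthy; a timestamp = reject every call as rate limited
  return {
    calls,
    rateLimitUntil(t) { resetAt = t; },
    async fetchGraphQL(token, query, variables) {
      calls.push({ login: variables.login });
      if (resetAt !== null) throw new RateLimitError(resetAt);
      return { user: { contributionsCollection: { contributionCalendar: { totalContributions: 42 } } } };
    },
  };
}

async function runOfflineDemo() {
  let clock = 1000000; // injected clock so TTL expiry can be simulated
  const gh = makeStubGitHub();
  const svc = createStreakService({ fetchGraphQL: gh.fetchGraphQL, getToken: () => 'constructed-dummy-token', now: () => clock });
  const burst = await Promise.all(['octocat', 'octocat', 'octocat'].map((u) => svc.handle(u))); // one upstream call
  const hit = await svc.handle('octocat');     // served from cache, no upstream call
  clock += FRESH_TTL_MS + 1;                   // fresh window expires
  gh.rateLimitUntil(clock + 120000);           // GitHub now rejects the token as rate limited
  const stale = await svc.handle('octocat');   // falls back to the cached answer
  const cold = await svc.handle('hubot');      // nothing cached for this user: graceful 503
  return {
    burstSources: burst.map((r) => r.headers['X-Cache']), hitSource: hit.headers['X-Cache'],
    staleSource: stale.headers['X-Cache'], coldStatus: cold.status,
    coldRetryAfter: cold.headers['Retry-After'], upstreamCalls: gh.calls.length,
  };
}

runOfflineDemo().then((r) => console.log(JSON.stringify(r)));
```

In the route handler the service would be created once at module scope (so the cache and in-flight map survive across invocations within a warm instance) and `handle(req.query.user)` mapped onto the framework's response object. The in-memory cache is per instance; on a serverless platform with many cold instances a shared store (for example a KV cache keyed by login) gives the same dedup and TTL semantics across instances, and the stale fallback keeps the endpoint answering while the token's rate-limit window resets.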
Screenshots / Logs
No response
GitHub Username (If applicable)
No response
Environment
Chrome