fix: add authentication token to repository fetch requests

[omsherikar]

Summary by CodeRabbit

• New Features
  • Repository queries now require user authentication. API requests include proper authorization headers when available.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
refactron	Ready	Preview, Comment	Jan 24, 2026 9:52am

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[coderabbitai]

📝 Walkthrough

Walkthrough

The useRepositories hook now implements authentication by retrieving a stored access token from localStorage, validating its presence with an early return if unavailable, and attaching the Bearer token to API request headers.

Changes

Cohort / File(s)	Summary
Authentication Enhancement src/hooks/useRepositories.tsx	Added localStorage token retrieval with early return when absent; Authorization Bearer header attached to fetch request

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hop along to secure shores,
A token guards each API door,
Bear-er headers, proud and true,
Authentication, fresh and new! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: add authentication token to repository fetch requests' accurately describes the main change in the pull request - adding Bearer token authentication to API requests in the fetch workflow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

👋 Thanks for opening this pull request! A maintainer will review it soon. Please make sure all CI checks pass.

[Copilot]

Pull request overview

Adds client-side authentication to the repositories fetch call so the backend receives an auth token when listing GitHub repositories.

Changes:

• Read accessToken from localStorage before fetching repositories
• Short-circuit the fetch with a “Not authenticated” error when no token is present
• Add Authorization: Bearer <token> header to the repositories request

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

When no token is present you early-return after setting an error, but you leave the existing repositories state untouched. If a user previously loaded repos and then logs out/loses the token, consumers could still see stale data. Consider clearing repositories (e.g., setRepositories([])) when setting the unauthenticated error.

Suggested change

	setError('Not authenticated');
	setError('Not authenticated');
	setRepositories([]);

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/hooks/useRepositories.tsx`:
- Around line 29-35: The hook useRepositories currently returns early when token
is missing but leaves previously loaded data visible; update the auth-failure
path to clear stale repo state by calling setRepositories([]) (and any related
pagination flags like setHasMore(false) if present) before setting
setLoading(false) and setError('Not authenticated'), so when token is removed
the UI no longer shows private/stale repository data.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Clear repositories on missing token to avoid stale/private data.

If a token disappears after data was loaded (logout/expiry), the hook keeps showing the previous list. Consider clearing state on the auth-failure path.

🔧 Proposed fix

     if (!token) {
+      setRepositories([]);
       setLoading(false);
       setError('Not authenticated');
       return;
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const token = localStorage.getItem('accessToken');
	if (!token) {
	setLoading(false);
	setError('Not authenticated');
	return;
	}
	const token = localStorage.getItem('accessToken');
	if (!token) {
	setRepositories([]);
	setLoading(false);
	setError('Not authenticated');
	return;
	}

🤖 Prompt for AI Agents

In `@src/hooks/useRepositories.tsx` around lines 29 - 35, The hook useRepositories
currently returns early when token is missing but leaves previously loaded data
visible; update the auth-failure path to clear stale repo state by calling
setRepositories([]) (and any related pagination flags like setHasMore(false) if
present) before setting setLoading(false) and setError('Not authenticated'), so
when token is removed the UI no longer shows private/stale repository data.