Bug Description
In src/context/AuthContext.jsx, inside fetchGitHubStats, all GitHub API calls correctly use encodedUsername (trimmed and URI-encoded) — except the events endpoint which uses the raw username parameter:
const fetchGitHubStats = async (uid, username) => {
const trimmedUsername = username.trim();
// validation runs on trimmedUsername...
const encodedUsername = encodeURIComponent(trimmedUsername);
// all other calls use encodedUsername correctly:
axios.get(`https://api.github.com/users/${encodedUsername}`, ...)
axios.get(`https://api.github.com/users/${encodedUsername}/repos...`, ...)
axios.get(`https://api.github.com/search/commits?q=author:${encodedUsername}`, ...)
// events call uses the raw parameter — not trimmed, not encoded:
axios.get(`https://api.github.com/users/${username}/events?per_page=100`, { headers })
};If username has any leading or trailing whitespace (which can happen when authUser.displayName from GitHub's OAuth response carries formatting), the validation passes because it runs on trimmedUsername, but the events URL becomes /users/%20realuser%20/events or literally /users/ realuser /events depending on browser behavior. GitHub returns a 404, the catch block swallows the error silently, and githubStreak stays at 0.
The streak feeds directly into gitRankPoints via githubStreak * 10 — a 10-day streak is worth 100 points. The user never sees an error, just perpetually incorrect stats.
Fix
One variable name change on the events call:
// before
axios.get(`https://api.github.com/users/${username}/events?per_page=100`, { headers })
// after
axios.get(`https://api.github.com/users/${encodedUsername}/events?per_page=100`, { headers })All other calls in this function already use encodedUsername — this is just a missed substitution.
Bug Description
In
src/context/AuthContext.jsx, insidefetchGitHubStats, all GitHub API calls correctly useencodedUsername(trimmed and URI-encoded) — except the events endpoint which uses the rawusernameparameter:If
usernamehas any leading or trailing whitespace (which can happen whenauthUser.displayNamefrom GitHub's OAuth response carries formatting), the validation passes because it runs ontrimmedUsername, but the events URL becomes/users/%20realuser%20/eventsor literally/users/ realuser /eventsdepending on browser behavior. GitHub returns a 404, the catch block swallows the error silently, andgithubStreakstays at 0.The streak feeds directly into
gitRankPointsviagithubStreak * 10— a 10-day streak is worth 100 points. The user never sees an error, just perpetually incorrect stats.Fix
One variable name change on the events call:
All other calls in this function already use
encodedUsername— this is just a missed substitution.