Fix: Resolve Dual GitHub Token Storage Failures (Fixes #263)

[Adi-Marathe]

Description

This PR resolves Issue #263, where storing GitHub access tokens in two different sessionStorage keys (gh_access_token and gh_token_${uid}) resulted in severe synchronization issues, silent API failures, and misleading "rate limit" errors.

Changes Made

1. Centralized Token Management:

   • Created a new utility file src/utils/tokenManager.js.
   • This module exposes store(), get(), remove(), and clear() methods, all using a single key format: gh_token_${uid}.

2. Cleaned up AuthContext.jsx:

   • Removed initialization and state fallback logic dependent on gh_access_token.
   • Replaced all raw sessionStorage API calls in login and logout functions with TokenManager.
   • Logging out now clears all GitHub token variants safely.

3. Fixed Missing Token Handling in GitRank.jsx:

   • Replaced the direct sessionStorage.getItem lookup with TokenManager.get(user?.uid).
   • Implemented an explicit guard for null tokens that displays a clear user error ("GitHub token not found. Please log in again to view your charts.") and short-circuits the API request. This prevents the misleading 401-triggered rate limit warnings.

Proof of Fix

• No Residual Keys: Ran a repository-wide search (grep) for gh_access_token and verified 0 occurrences remain in the codebase.
• Single Source of Truth: The pattern gh_token_ is now completely isolated within tokenManager.js.
• Build Passing: A production build (npm run build) was successfully compiled without any errors.

Acceptance Criteria Verified

• Removed gh_access_token key entirely.
• All components use the new TokenManager utility.
• Logout clears all token variants.
• Added proper error messages for missing tokens rather than showing a "rate limit" error.

Closes: #263

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ranker-hub	Ready	Preview, Comment	Jun 4, 2026 11:51am