Skip to content

Added Feat #332 Search project by name #340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
OfficialSubham wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Added Feat #332 Search project by name #340

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions apps/api/src/routers/projects.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ const filterPropsSchema = z.object({
.optional(),
pushed: z.string().optional(),
created: z.string().optional(),
repoName: z.string().optional()
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Consider adding length validation and sanitization to repoName.

The repoName string is passed directly into the GitHub search query (see project.service.ts Line 52: `${trimmedRepoName} in:name`). A user could inject GitHub search qualifiers (e.g., "stars:>1000 is:private") to manipulate search results beyond the intended name filter.

Proposed fix 
-  repoName: z.string().optional()
+  repoName: z.string().max(256).regex(/^[a-zA-Z0-9._-]*$/).optional()

The regex restricts input to valid GitHub repository name characters, preventing injection of search qualifiers like stars:, is:, etc.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
repoName: z.string().optional()
repoName: z.string().max(256).regex(/^[a-zA-Z0-9._-]*$/).optional()
🤖 Prompt for AI Agents 
In `@apps/api/src/routers/projects.ts` at line 24, The repoName zod schema
currently allows arbitrary strings which are later interpolated into the GitHub
search template (`${trimmedRepoName} in:name`) and can be abused to inject
search qualifiers; update the schema for repoName in routers/projects.ts to add
length limits (e.g., min 1, max 100) and a regex that only permits valid GitHub
repo name characters (alphanumerics, hyphens, underscores, dots) and disallows
colons/spaces/qualifiers, and then trim/normalize the value before passing it to
the search in project.service.ts (referencing the trimmedRepoName usage) so only
validated/sanitized names reach the GitHub query.

});

const optionsSchema = z.object({
Expand Down
4 changes: 4 additions & 0 deletions apps/api/src/services/project.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,10 @@ export const projectService = {
queryParts.push(`created:${filters.created}`);
}

if(filters.repoName) {
const trimmedRepoName = filters.repoName.trim();
queryParts.push(`${trimmedRepoName} in:name`)
}
Comment on lines +50 to +53
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

User-supplied repoName is interpolated directly into the GitHub search query.

This is the injection point for the concern raised in the router's schema validation comment. If input sanitization is added at the schema level (as suggested in apps/api/src/routers/projects.ts), this code is safe. Otherwise, a malicious user could craft repoName values containing GitHub search qualifiers to manipulate results.

Ensure the upstream schema validation restricts repoName to valid repository name characters.

🤖 Prompt for AI Agents 
In `@apps/api/src/services/project.service.ts` around lines 50 - 53, The repoName
from filters is interpolated directly into the GitHub search string (see
filters.repoName and queryParts.push), so either enforce/validate the allowed
repo-name characters upstream in the router schema or add a guard here: trim
filters.repoName, validate it against an allowed-repo-name regex (e.g. only
letters, numbers, hyphen, underscore, dot), reject or throw if it contains
invalid characters, and use the validated/sanitized value (e.g.
sanitizedRepoName) when calling queryParts.push(`${sanitizedRepoName} in:name`)
to prevent injection via GitHub search qualifiers.

// Default fields to filter contributor friendly repos
queryParts.push(`is:organization`);
queryParts.push(`is:public`);
Expand Down
12 changes: 11 additions & 1 deletion apps/web/src/components/ui/FiltersContainer.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ export default function FiltersContainer() {

const { toggleShowFilters } = useFilterStore();
const { setRenderProjects } = useRenderProjects();
const { filters, resetFilters } = useFilterInputStore();
const { filters, resetFilters, updateFilters } = useFilterInputStore();
const { setData, eraseData } = useProjectsData();
const { setProjectsNotFound } = useProjectsNotFoundStore();
const getProjects = useGetProjects();
Expand Down Expand Up @@ -80,6 +80,16 @@ export default function FiltersContainer() {
{/* Filter Content */}
<div className="flex-1 overflow-y-auto py-4">
<Accordion type="multiple" className="space-y-2">
<div className="w-full px-6 flex justify-center h-10">
<input
type="text"
placeholder="Enter repository name"
className="w-full rounded-md outline-none focus:outline-2 focus:outline-ox-purple px-2"
onChange={(e) => {
updateFilters({repoName: e.target.value})
}}
/>
</div>
Comment on lines +83 to +92
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Uncontrolled input won't clear on reset, lacks accessibility and dark-theme styling.

Several issues with this input:

  1. Uncontrolled component: No value prop bound to state, so when resetFilters() runs after search (Line 52), the input text remains stale. Per coding guidelines, prefer controlled components.
  2. Missing aria-label: Required by coding guidelines for accessibility on interactive elements.
  3. Missing dark-theme colors: No bg-* or text-* classes — the input will render with browser defaults (white background, black text), which clashes with the dark panel (bg-[#0c0c0d]).
Proposed fix

You'll need to wire the input value to a state variable. One approach is to read repoName from the store filters:

-            <div className="w-full px-6 flex justify-center h-10">
-              <input 
-                type="text" 
-                placeholder="Enter repository name"
-                className="w-full rounded-md outline-none focus:outline-2 focus:outline-ox-purple px-2"
-                onChange={(e) => {
-                  updateFilters({repoName: e.target.value})
-                }}
-              />
-            </div>
+            <div className="w-full px-6 flex justify-center h-10">
+              <input 
+                type="text" 
+                placeholder="Enter repository name"
+                aria-label="Search by repository name"
+                value={(filters as Record<string, string>).repoName ?? ""}
+                className="w-full rounded-md bg-[`#141418`] text-white border border-[`#28282c`] outline-none focus:outline-2 focus:outline-ox-purple px-2 placeholder:text-zinc-500"
+                onChange={(e) => {
+                  updateFilters({repoName: e.target.value})
+                }}
+              />
+            </div>

As per coding guidelines: "Prefer controlled components over uncontrolled", "Include proper aria labels for accessibility", and "NEVER use hardcoded hex values directly in components; ALWAYS reference colors from the design token system using Tailwind classes" — consider using semantic color tokens (e.g., bg-surface-primary, text-text-primary) if they exist in your design system instead of the hex values I used above.

🤖 Prompt for AI Agents 
In `@apps/web/src/components/ui/FiltersContainer.tsx` around lines 83 - 92, The
input in FiltersContainer is currently uncontrolled and lacks accessibility and
dark-theme styling; bind the input's value to the filters' repoName (read from
the store or props), keep the existing onChange handler calling
updateFilters({repoName: e.target.value}), add an appropriate aria-label (e.g.,
aria-label="Repository name"), and replace the hard/absent colors with
design-token Tailwind classes (e.g., bg-surface-primary, text-text-primary,
placeholder:text-text-secondary) so the field clears when resetFilters() updates
repoName and matches dark theme; update the input element in FiltersContainer
accordingly.

<Filter
filterName="Tech stack"
filters={[
Expand Down
1 change: 1 addition & 0 deletions apps/web/src/types/filter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,4 +53,5 @@ export type UserInputFilterProps = {
Competition?: string;
Stage?: string;
Activity?: string;
repoName?: string;
};
6 changes: 5 additions & 1 deletion apps/web/src/utils/converter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ const userInputValues: UserFilterObjProps = {
// Competition: "High",
// Stage: "Very early",
// Activity: "Normal",
// repoName: "name"
// };

// API INPUT EXAMPLE
Expand All @@ -104,6 +105,7 @@ const userInputValues: UserFilterObjProps = {
// forks: { min: "50", max: "1000" },
// pushed: ">=2024-12-08",
// created: ">=2024-12-12",
// reponame: "name"
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Typo in comment: reponame should be repoName.

The comment example uses lowercase reponame but the actual field is repoName (camelCase). This could mislead developers referencing the example.

-//   reponame: "name"
+//   repoName: "name"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// reponame: "name"
// repoName: "name"
🤖 Prompt for AI Agents 
In `@apps/web/src/utils/converter.ts` at line 108, Update the inline example
comment in converter.ts where it shows "//   reponame: "name"" to use the
correct camelCase field name "repoName"; locate the comment near the converter
utilities (e.g., around functions that map or format repo objects) and change
"reponame" to "repoName" so the example matches the actual field used in the
code.

// };

export const convertUserInputToApiInput = (
Expand Down Expand Up @@ -133,7 +135,9 @@ export const convertUserInputToApiInput = (
if (filter.Stage) {
data.created = userInputValues.Stage[filter.Stage as keyof StageProps];
}

if(filter.repoName) {
data.repoName = filter.repoName.trim()
}
return data as FilterProps;
};

Expand Down
1 change: 1 addition & 0 deletions packages/shared/types/filter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,5 @@ export type FilterProps = {
forks?: ForkRange;
pushed?: string;
created?: string;
repoName?: string
}