fix: remove github_follow token when disconnecting github account

apps/backend/package.json

@@ -28,6 +28,7 @@
     "@fastify/rate-limit": "^10.3.0",
     "@fastify/static": "^8.0.0",
     "@prisma/client": "^6.0.0",
+    "devcard": "file:../..",
     "dotenv": "^16.4.0",
     "fastify": "^5.0.0",
     "fastify-plugin": "^5.0.0",
@@ -52,4 +53,4 @@
     "typescript-eslint": "^8.59.3",
     "vitest": "^2.0.0"
   }
-}
+}

apps/backend/src/__tests__/connect.test.ts

@@ -1,6 +1,6 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
 import Fastify from 'fastify';
 import jwt from '@fastify/jwt';
+import { describe, it, expect, beforeEach, vi } from 'vitest';
 import { connectRoutes } from '../routes/connect.js';
 import type { PrismaClient } from '@prisma/client';
 
@@ -22,12 +22,13 @@
     findMany: vi.fn(),
     upsert: vi.fn(),
     delete: vi.fn(),
+    deleteMany: vi.fn(),
   },
 };
 
 global.fetch = vi.fn();
 
 async function buildApp() {
   const app = Fastify();
   await app.register(jwt, { secret: 'test-secret' });
   app.decorate('prisma', mockPrisma as unknown as PrismaClient);
@@ -36,7 +37,7 @@
   app.decorate('authenticate', async (request: any, reply: any) => {
     try {
       await request.jwtVerify();
-    } catch (err) {
+    } catch (_err) {
       reply.status(401).send({ error: 'Unauthorized' });
     }
   });
@@ -184,4 +185,116 @@
     expect(res.statusCode).toBe(302);
     expect(res.headers.location).toBe('http://localhost:3000/settings?error=connect_failed');
   });
+});
+
+describe('DELETE /api/connect/:platform', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('successfully deletes github and github_follow when platform is github', async () => {
+    mockPrisma.oAuthToken.deleteMany.mockResolvedValue({ count: 2 });
+    const app = await buildApp();
+
+    const token = app.jwt.sign({ id: 'user-1' });
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/connect/github',
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ success: true });
+    expect(mockPrisma.oAuthToken.deleteMany).toHaveBeenCalledWith({
+      where: {
+        userId: 'user-1',
+        platform: { in: ['github', 'github_follow'] }
+      }
+    });
+  });
+
+  it('returns 404 if no github tokens are found', async () => {
+    mockPrisma.oAuthToken.deleteMany.mockResolvedValue({ count: 0 });
+    const app = await buildApp();
+
+    const token = app.jwt.sign({ id: 'user-1' });
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/connect/github',
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+
+    expect(res.statusCode).toBe(404);
+    expect(JSON.parse(res.body)).toEqual({ error: 'Connection not found' });
+  });
+
+  it('successfully deletes other platforms using delete', async () => {
+    mockPrisma.oAuthToken.delete.mockResolvedValue({});
+    const app = await buildApp();
+
+    const token = app.jwt.sign({ id: 'user-1' });
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/connect/linkedin',
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ success: true });
+    expect(mockPrisma.oAuthToken.delete).toHaveBeenCalledWith({
+      where: {
+        userId_platform: {
+          userId: 'user-1',
+          platform: 'linkedin'
+        }
+      }
+    });
+  });
+
+  it('allows direct deletion of github_follow', async () => {
+    mockPrisma.oAuthToken.delete.mockResolvedValue({});
+    const app = await buildApp();
+
+    const token = app.jwt.sign({ id: 'user-1' });
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/connect/github_follow',
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ success: true });
+    expect(mockPrisma.oAuthToken.delete).toHaveBeenCalledWith({
+      where: {
+        userId_platform: {
+          userId: 'user-1',
+          platform: 'github_follow'
+        }
+      }
+    });
+  });
+
+  it('returns 400 for unsupported platforms', async () => {
+    const app = await buildApp();
+
+    const token = app.jwt.sign({ id: 'user-1' });
+    const res = await app.inject({
+      method: 'DELETE',
+      url: '/api/connect/unsupported',
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+
+    expect(res.statusCode).toBe(400);
+    expect(JSON.parse(res.body).error).toContain('Unsupported platform');
+  });
 });

apps/backend/src/routes/connect.ts

@@ -1,5 +1,7 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
-import { randomBytes } from 'crypto';
+
+import { randomBytes } from 'node:crypto';
+
 import { encrypt } from '../utils/encryption.js';
 
 const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
@@ -22,7 +24,7 @@
   nonce: string;
 }
 
 export async function connectRoutes(app: FastifyInstance) {
   // ─── Status ───
 
   app.get('/status', {
@@ -30,9 +32,9 @@
       const server = request.server as any;
       if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
       if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
-      try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) }
+      try { await request.jwtVerify() } catch (_e) { reply.status(401).send({ error: 'Unauthorized' }) }
     }],
-  }, async (request: FastifyRequest, reply: FastifyReply) => {
+  }, async (request: FastifyRequest, _reply: FastifyReply) => {
     const userId = (request.user as any).id;
 
     const tokens = await app.prisma.oAuthToken.findMany({
@@ -50,7 +52,7 @@
       const server = request.server as any;
       if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
       if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
-      try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) }
+      try { await request.jwtVerify() } catch (_e) { reply.status(401).send({ error: 'Unauthorized' }) }
     }],
   }, async (request: FastifyRequest, reply: FastifyReply) => {
     const userId = (request.user as any).id;
@@ -102,7 +104,7 @@
       }
 
       // Consume the nonce -- one-time use only (if redis configured)
       if (app.redis) await app.redis.del(`oauth:nonce:${decodedState.nonce}`);
 
       const userId = decodedState.userId;
 
@@ -160,9 +162,9 @@
 
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/settings?connected=github`);
 
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      app.log.error({ error, message }, 'GitHub connect error');
+    } catch (_error) {
+      const message = _error instanceof Error ? _error.message : String(_error);
+      app.log.error({ error: _error, message }, 'GitHub connect error');
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/settings?error=server_error`);
     }
   });
@@ -175,29 +177,43 @@
       const server = request.server as any;
       if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
       if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
-      try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) }
+      try { await request.jwtVerify() } catch (_e) { reply.status(401).send({ error: 'Unauthorized' }) }
     }],
-  }, async (request: FastifyRequest<{ Params: { platform: string } }>, reply: FastifyReply) => {
+  }, async (request: FastifyRequest<{ Params: { platform: string } }>, _reply: FastifyReply) => {
     const userId = (request.user as any).id;
     const { platform } = request.params;
 
-    const SUPPORTED_PLATFORMS = ['github', 'google', 'twitter', 'linkedin'];
+    const SUPPORTED_PLATFORMS = ['github', 'google', 'twitter', 'linkedin', GITHUB_FOLLOW_PLATFORM];
     if (!SUPPORTED_PLATFORMS.includes(platform)) {
-      return reply.status(400).send({ error: `Unsupported platform: ${platform}` });
+      return _reply.status(400).send({ error: `Unsupported platform: ${platform}` });
     }
 
     try {
-      await app.prisma.oAuthToken.delete({
-        where: {
-          userId_platform: {
+      if (platform === 'github') {
+        // When disconnecting GitHub, also remove the follow-capable token if it exists
+        const result = await app.prisma.oAuthToken.deleteMany({
+          where: {
             userId,
-            platform,
+            platform: { in: ['github', GITHUB_FOLLOW_PLATFORM] },
           },
-        },
-      });
+        });
+
+        if (result.count === 0) {
+          return _reply.status(404).send({ error: 'Connection not found' });
+        }
+      } else {
+        await app.prisma.oAuthToken.delete({
+          where: {
+            userId_platform: {
+              userId,
+              platform,
+            },
+          },
+        });
+      }
       return { success: true };
-    } catch (error) {
-      return reply.status(404).send({ error: 'Connection not found' });
+    } catch (_error) {
+      return _reply.status(404).send({ error: 'Connection not found' });
     }
   });
 }
@@ -211,7 +227,7 @@
       return null;
     }
     return decoded;
-  } catch {
+  } catch (_e) {
     return null;
   }
 }

apps/web/package.json

@@ -10,6 +10,7 @@
     "preview": "vite preview"
   },
   "dependencies": {
+    "devcard": "file:../..",
     "react": "^19.2.6",
     "react-dom": "^19.2.6",
     "react-router-dom": "^7.6.2"
@@ -28,4 +29,4 @@
     "typescript-eslint": "^8.59.2",
     "vite": "^8.0.12"
   }
-}
+}