Enhance hover effects for Features section by DineshSivalanka · Pull Request #317 · GitMetricsLab/github_tracker

DineshSivalanka · 2026-05-18T12:11:52Z

Related Issue

Closes #288

Description

Enhanced hover effects for feature cards in both dark and light mode.

Improvements

Added smoother scaling animations
Improved hover shadows
Added icon hover animation
Enhanced dark mode interaction effects
Improved overall UI responsiveness

Type of Change

UI Enhancement
Feature Improvement

How Has This Been Tested?

Tested locally using npm run dev
Verified hover animations in dark and light mode
Checked responsiveness across screen sizes
Verified no build errors

Summary by CodeRabbit

Release Notes

New Features
- Added rate limiting to API endpoints
- Integrated security headers middleware
- Improved CORS configuration with frontend URL whitelist
Bug Fixes
- Added fallback backend URLs for authentication flows
Style
- Enhanced feature card hover animations with improved lift and scale effects

netlify · 2026-05-18T12:11:57Z

❌ Deploy Preview for github-spy failed.

Name	Link
🔨 Latest commit	`e9558bb`
🔍 Latest deploy log	https://app.netlify.com/projects/github-spy/deploys/6a0de0bf801f270008883dea

coderabbitai · 2026-05-18T12:12:06Z

Warning

Rate limit exceeded

@DineshSivalanka has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 37 minutes and 40 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 55c9a5bb-5952-48a7-b4ff-a1d3cdc9f50d

📥 Commits

Reviewing files that changed from the base of the PR and between 938d321 and 3cf7652.

📒 Files selected for processing (1)

backend/server.js

📝 Walkthrough

Walkthrough

Backend: adds helmet, express-rate-limit, env-driven CORS/credentials, session defaults, and starts server after DB connect; updates sample env with CLIENT_URL. Frontend: strengthens feature-card hover styling and adds localhost fallback for backend URL in Login/Signup.

Changes

Backend security and configuration

Layer / File(s)	Summary
Add security dependencies and bump cors `backend/package.json`	Adds `express-rate-limit` and `helmet`, and bumps `cors` to `^2.8.6`.
CORS, helmet, rate limiter, and session adjustments `backend/server.js`	Replaces wildcard CORS with env-whitelisted origins (allows no-origin), enables credentials, adds `helmet()`, applies `/api` rate limiting, and derives `sessionSecret` from `SESSION_SECRET` with warning fallback; cookie `secure` tied to production.
DB connection and port defaulting `backend/server.js`	Adds defaults and warnings for `PORT` and `MONGO_URI`, connects to MongoDB using `MONGO_URI`, and starts `app.listen(PORT)` only after successful DB connection.
Add CLIENT_URL to .env sample `backend/.env.sample`	Adds `CLIENT_URL=https://your-frontend-domain.com` and preserves a commented localhost example.

Frontend UI tweaks and backend URL fallbacks

Layer / File(s)	Summary
Feature card hover transform and blur `src/components/Features.tsx`	Increases hover lift from `hover:-translate-y-2` to `hover:-translate-y-3`, changes scale to `hover:scale-105`, and adds `backdrop-blur-sm`.
Login/Signup backend URL fallbacks `src/pages/Login/Login.tsx`, `src/pages/Signup/Signup.tsx`	Provides `http://localhost:5000` fallback when `VITE_BACKEND_URL` is unset for `backendUrl` used in auth requests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

GitMetricsLab/github_tracker#230: Both PRs modify src/components/Features.tsx feature-card hover styling and transform behavior on the same component.

Poem

🐰 I hopped through code with careful paws,
Helmet and limits kept out claws,
Cards now lift and shimmer clear,
And localhost whispers, “I am here.” ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 4

❌ Failed checks (3 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title focuses only on the Features.tsx hover effects change, but the PR includes significant backend security enhancements (CORS, helmet, rate-limiting, environment configuration) that are unrelated to the title's scope.	Update the title to reflect all major changes, such as 'Enhance hover effects and add backend security middleware' or split into multiple focused PRs.
Description check	⚠️ Warning	The PR description focuses exclusively on UI/UX enhancements and hover effects but omits the substantial backend security and configuration changes (CORS, helmet, rate-limiting, SESSION_SECRET, MongoDB configuration).	Add a Backend Changes section documenting the security middleware additions, environment configuration changes, and their purpose in the CORS, rate-limiting, and session security implementations.
Out of Scope Changes check	⚠️ Warning	Multiple backend changes (CORS whitelist, helmet middleware, rate-limiting, SESSION_SECRET, MongoDB configuration defaults) are out of scope relative to issue `#288`, which specifically requests UI hover effects for the Features section.	Move backend security and configuration changes to a separate PR, or update the linked issue to include these backend objectives and update the PR description accordingly.
Linked Issues check	❓ Inconclusive	The PR partially addresses issue `#288` (hover effects for Features section) but also includes unrelated backend security enhancements not mentioned in the linked issue's objectives.	Clarify whether backend security changes are part of issue `#288` scope or if they should be in a separate PR; ensure all changes align with the issue's stated objectives.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions

🎉 Thank you @DineshSivalanka for your contribution. Please make sure your PR follows https://github.com/GitMetricsLab/github_tracker/blob/main/CONTRIBUTING.md#-pull-request-guidelines

coderabbitai

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/server.js`:
- Around line 67-72: The current code silently defaults MONGO_URI to localhost;
change the startup logic so you only allow the localhost fallback when
process.env.NODE_ENV === 'development' and otherwise fail fast: first check
process.env.MONGO_URI and if missing and NODE_ENV !== 'development' log an error
via console.error (or processLogger) and exit (process.exit(1)); if NODE_ENV ===
'development' continue but emit a clear warning. Move the MONGO_URI assignment
(the constant MONGO_URI and any warning) to occur after this validation so the
app never silently connects to localhost in non-dev environments.
- Around line 44-49: The code currently falls back to a hard-coded sessionSecret
which is unsafe; replace the permissive fallback with a strict guard: require
process.env.SESSION_SECRET to be set unless NODE_ENV === 'development' (or a
similar explicit dev flag), log a clear error via console.error when missing and
call process.exit(1) to abort startup, and only then set sessionSecret from
process.env.SESSION_SECRET and pass it into app.use(session({ secret:
sessionSecret, ... })); reference the existing symbols sessionSecret,
process.env.SESSION_SECRET, NODE_ENV, and app.use(session(...)) when making the
change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: da81b258-2e50-4d49-b2e1-8f5d9ac2b70e

📥 Commits

Reviewing files that changed from the base of the PR and between 5f035b2 and 938d321.

📒 Files selected for processing (5)

backend/.env.sample
backend/package.json
backend/server.js
src/pages/Login/Login.tsx
src/pages/Signup/Signup.tsx

✅ Files skipped from review due to trivial changes (2)

src/pages/Signup/Signup.tsx
src/pages/Login/Login.tsx

coderabbitai · 2026-05-19T03:10:08Z

+const sessionSecret = process.env.SESSION_SECRET || 'dev-secret';
+if (!process.env.SESSION_SECRET) {
+  console.warn('Warning: SESSION_SECRET is not set. Using a fallback development secret. Set SESSION_SECRET in backend/.env for production.');
+}
 app.use(session({
-    secret: process.env.SESSION_SECRET,
+    secret: sessionSecret,


⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Fail fast when SESSION_SECRET is missing outside local development.

The hard-coded fallback makes session signing predictable whenever deployment config is wrong, which quietly weakens auth/session integrity in production. Keep the fallback strictly dev-only and abort startup otherwise.

🔐 Suggested guard

-const sessionSecret = process.env.SESSION_SECRET || 'dev-secret'; -if (!process.env.SESSION_SECRET) { - console.warn('Warning: SESSION_SECRET is not set. Using a fallback development secret. Set SESSION_SECRET in backend/.env for production.'); -} +const isProduction = process.env.NODE_ENV === 'production'; +if (!process.env.SESSION_SECRET && isProduction) { + throw new Error('SESSION_SECRET must be set in production'); +} + +const sessionSecret = process.env.SESSION_SECRET || 'dev-secret'; +if (!process.env.SESSION_SECRET) { + console.warn('Warning: SESSION_SECRET is not set. Using a fallback development secret.'); +}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

const sessionSecret = process.env.SESSION_SECRET || 'dev-secret';

if (!process.env.SESSION_SECRET) {

console.warn('Warning: SESSION_SECRET is not set. Using a fallback development secret. Set SESSION_SECRET in backend/.env for production.');

}

app.use(session({

secret: process.env.SESSION_SECRET,

secret: sessionSecret,

const isProduction = process.env.NODE_ENV === 'production';

if (!process.env.SESSION_SECRET && isProduction) {

throw new Error('SESSION_SECRET must be set in production');

}

const sessionSecret = process.env.SESSION_SECRET || 'dev-secret';

if (!process.env.SESSION_SECRET) {

console.warn('Warning: SESSION_SECRET is not set. Using a fallback development secret.');

}

app.use(session({

secret: sessionSecret,

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/server.js` around lines 44 - 49, The code currently falls back to a hard-coded sessionSecret which is unsafe; replace the permissive fallback with a strict guard: require process.env.SESSION_SECRET to be set unless NODE_ENV === 'development' (or a similar explicit dev flag), log a clear error via console.error when missing and call process.exit(1) to abort startup, and only then set sessionSecret from process.env.SESSION_SECRET and pass it into app.use(session({ secret: sessionSecret, ... })); reference the existing symbols sessionSecret, process.env.SESSION_SECRET, NODE_ENV, and app.use(session(...)) when making the change.

coderabbitai · 2026-05-19T03:10:08Z

+const PORT = process.env.PORT || 5000;
+const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/githubTracker';
+
+if (!process.env.MONGO_URI) {
+  console.warn('Warning: process.env.MONGO_URI is not set. Using local default:', MONGO_URI);
+}


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid silently defaulting MONGO_URI to localhost in non-dev environments.

If the env var is missing, this can start the app against the wrong database or hide a broken deployment until data looks inconsistent. Limit the localhost fallback to development and fail startup elsewhere.

🗄️ Suggested guard

const PORT = process.env.PORT || 5000; -const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/githubTracker'; +const isProduction = process.env.NODE_ENV === 'production'; +if (!process.env.MONGO_URI && isProduction) { + throw new Error('MONGO_URI must be set in production'); +} +const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/githubTracker';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

const PORT = process.env.PORT || 5000;

const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/githubTracker';

if (!process.env.MONGO_URI) {

console.warn('Warning: process.env.MONGO_URI is not set. Using local default:', MONGO_URI);

}

const PORT = process.env.PORT || 5000;

const isProduction = process.env.NODE_ENV === 'production';

if (!process.env.MONGO_URI && isProduction) {

throw new Error('MONGO_URI must be set in production');

}

const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/githubTracker';

if (!process.env.MONGO_URI) {

console.warn('Warning: process.env.MONGO_URI is not set. Using local default:', MONGO_URI);

}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/server.js` around lines 67 - 72, The current code silently defaults MONGO_URI to localhost; change the startup logic so you only allow the localhost fallback when process.env.NODE_ENV === 'development' and otherwise fail fast: first check process.env.MONGO_URI and if missing and NODE_ENV !== 'development' log an error via console.error (or processLogger) and exit (process.exit(1)); if NODE_ENV === 'development' continue but emit a clear warning. Move the MONGO_URI assignment (the constant MONGO_URI and any warning) to occur after this validation so the app never silently connects to localhost in non-dev environments.

github-actions · 2026-05-20T16:30:40Z

🎉🎉 Thank you for your contribution! Your PR #317 has been merged! 🎉🎉

Enhanced hover effects for feature cards

5f035b2

github-actions Bot added gssoc:approved level:intermediate quality:clean labels May 18, 2026

github-actions Bot reviewed May 18, 2026

View reviewed changes

coderabbitai Bot reviewed May 19, 2026

View reviewed changes

DineshSivalanka force-pushed the dinesh branch from 3cf7652 to 5f035b2 Compare May 19, 2026 04:12

DineshSivalanka closed this May 19, 2026

DineshSivalanka reopened this May 19, 2026

mehul-m-prajapati added type:accessibility level:beginner and removed level:intermediate labels May 20, 2026

Merge branch 'main' into dinesh

e9558bb

mehul-m-prajapati merged commit a3688a9 into GitMetricsLab:main May 20, 2026
1 of 6 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance hover effects for Features section#317

Enhance hover effects for Features section#317
mehul-m-prajapati merged 2 commits into
GitMetricsLab:mainfrom
DineshSivalanka:dinesh

DineshSivalanka commented May 18, 2026 •

edited by coderabbitai Bot

Loading

Uh oh!

netlify Bot commented May 18, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented May 18, 2026 •

edited

Loading

Rate limit exceeded

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Poem

❌ Failed checks (3 warnings, 1 inconclusive)

Uh oh!

github-actions Bot left a comment

Uh oh!

coderabbitai Bot left a comment

Uh oh!

coderabbitai Bot May 19, 2026

Uh oh!

coderabbitai Bot May 19, 2026

Uh oh!

Uh oh!

github-actions Bot commented May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

DineshSivalanka commented May 18, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Related Issue

Description

Improvements

Type of Change

How Has This Been Tested?

Summary by CodeRabbit

Release Notes

Uh oh!

netlify Bot commented May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ Deploy Preview for github-spy failed.

Uh oh!

coderabbitai Bot commented May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Rate limit exceeded

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Poem

❌ Failed checks (3 warnings, 1 inconclusive)

Uh oh!

github-actions Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 19, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 19, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions Bot commented May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

DineshSivalanka commented May 18, 2026 •

edited by coderabbitai Bot

Loading

netlify Bot commented May 18, 2026 •

edited

Loading

coderabbitai Bot commented May 18, 2026 •

edited

Loading