Normalize optional identities and persist GitHub connect state

- Trim/normalize optional author name/email so blank values are handled correctly for auth vs anonymous feedback/comment flows
- Persist refreshed GitHub OAuth tokens and compute connected state from persisted or cookie token
- Update UI states for GitHub connect button and invitation account switching, with new e2e/unit coverage

Author: Andreas-Froyland

components/products/ProductSettingsGithub.vue

@@ -31,8 +31,13 @@
               </div>
               <Button variant="outline" data-testid="github-connect" :disabled="isConnecting" @click="connectGithub">
                 <Icon v-if="isConnecting" name="lucide:loader-2" class="mr-2 h-4 w-4 animate-spin" />
+                <Icon
+                  v-else-if="isGithubConnected"
+                  name="lucide:check"
+                  class="mr-2 h-4 w-4 text-emerald-600"
+                />
                 <Icon v-else name="lucide:link" class="mr-2 h-4 w-4" />
-                Connect GitHub
+                {{ githubConnectLabel }}
               </Button>
             </div>
           </div>
@@ -167,6 +172,12 @@ export default {
     canSave() {
       return Boolean(this.form.repoFullName)
     },
+    isGithubConnected() {
+      return Boolean(this.integration?.hasAccessToken || this.$route.query.githubConnected === '1')
+    },
+    githubConnectLabel() {
+      return this.isGithubConnected ? 'Connected' : 'Connect GitHub'
+    },
     repoPlaceholder() {
       if (this.isLoadingRepos) return 'Loading repositories...'
       if (this.repos.length === 0) return 'Connect GitHub to load repositories'

components/public/PublicFeedbackBoard.vue

@@ -1174,18 +1174,23 @@ export default {
       this.scrollObserver.observe(this.$refs.scrollSentinel)
     },
     async submitFeedback() {
-      if (!this.submitForm.title || !this.submitForm.body || !this.submitForm.authorName) return
+      const authorName = this.submitForm.authorName.trim()
+      const authorEmail = this.submitForm.authorEmail.trim()
+      if (!this.submitForm.title || !this.submitForm.body || (!this.currentUser && !authorName)) return
+
+      const payload = {
+        title: this.submitForm.title,
+        body: this.submitForm.body,
+        categoryId: this.submitForm.categoryId || null,
+        ...(!this.currentUser && authorName ? { authorName } : {}),
+        ...(!this.currentUser && authorEmail ? { authorEmail } : {}),
+      }
+
       this.isSubmitting = true
       try {
         await $fetch(`/api/public/t/${this.teamSlug}/${this.projectSlug}/feedback`, {
           method: 'POST',
-          body: {
-            title: this.submitForm.title,
-            body: this.submitForm.body,
-            categoryId: this.submitForm.categoryId || null,
-            authorName: this.submitForm.authorName,
-            authorEmail: this.submitForm.authorEmail || undefined,
-          },
+          body: payload,
         })
         this.showSubmitDialog = false
         this.submitForm = { title: '', body: '', categoryId: '', authorName: '', authorEmail: '' }
@@ -1455,7 +1460,7 @@ export default {
     openCommentOptions() {
       if (!this.detailCommentBody.trim()) return
       if (this.currentUser) {
-        this.executeCommentSubmit('', '')
+        this.executeCommentSubmit()
         return
       }
       this.commentOptionSelected = null
@@ -1471,16 +1476,18 @@ export default {
       await this.executeCommentSubmit(this.commentOptionName.trim(), this.commentOptionEmail.trim())
     },
     async executeCommentSubmit(authorName, authorEmail) {
+      const payload = {
+        body: this.detailCommentBody.trim(),
+        ...(authorName?.trim() ? { authorName: authorName.trim() } : {}),
+        ...(authorEmail?.trim() ? { authorEmail: authorEmail.trim() } : {}),
+      }
+
       this.isSubmittingDetailComment = true
       this.detailCommentError = null
       try {
         const response = await $fetch(`/api/feedback/${this.selectedFeedbackId}/comments`, {
           method: 'POST',
-          body: {
-            body: this.detailCommentBody.trim(),
-            authorName,
-            authorEmail: authorEmail || undefined,
-          },
+          body: payload,
         })
         const comment = response?.data
         if (comment) {

pages/accept-invitation/index.vue

@@ -22,11 +22,29 @@
             </div>
 
             <template v-else>
-              <Alert v-if="errorMessage" variant="destructive">
-                <Icon name="lucide:circle-alert" class="h-4 w-4" />
-                <AlertTitle>Invitation unavailable</AlertTitle>
-                <AlertDescription>{{ errorMessage }}</AlertDescription>
-              </Alert>
+              <template v-if="errorMessage">
+                <Alert variant="destructive">
+                  <Icon name="lucide:circle-alert" class="h-4 w-4" />
+                  <AlertTitle>Invitation unavailable</AlertTitle>
+                  <AlertDescription>{{ errorMessage }}</AlertDescription>
+                </Alert>
+
+                <template v-if="session?.user">
+                  <div class="rounded-lg border bg-muted/40 p-4 text-sm text-muted-foreground">
+                    You're signed in as <span class="font-medium text-foreground">{{ session.user.email }}</span>. Try
+                    signing in with the email address this invitation was sent to.
+                  </div>
+                  <div class="grid gap-3">
+                    <Button class="w-full" :disabled="isSwitching" @click="switchAccount">
+                      <Icon v-if="isSwitching" name="lucide:loader-2" class="mr-2 h-4 w-4 animate-spin" />
+                      Sign in with a different account
+                    </Button>
+                    <Button as-child variant="outline" class="w-full">
+                      <NuxtLink :to="signupLink">Create a new account</NuxtLink>
+                    </Button>
+                  </div>
+                </template>
+              </template>
 
               <div v-else-if="wasAccepted" class="space-y-4 text-center">
                 <p class="text-sm text-muted-foreground">
@@ -83,6 +101,7 @@ export default {
       session: null,
       isLoading: true,
       isAccepting: false,
+      isSwitching: false,
       wasAccepted: false,
       errorMessage: '',
     }
@@ -177,6 +196,16 @@ export default {
       }
     },
 
+    async switchAccount() {
+      try {
+        this.isSwitching = true
+        await authClient.signOut()
+        await navigateTo(this.loginLink)
+      } catch {
+        this.isSwitching = false
+      }
+    },
+
     async goToWorkspace() {
       await navigateTo('/dashboard')
     },

server/api/auth/callback/github/integration.get.ts

@@ -1,3 +1,4 @@
+import { persistGithubIntegrationAccessToken } from '~/server/utils/github-integration'
 import { createErrorResponse, ErrorCode } from '~/server/utils/response'
 import { resolveGithubIntegrationCallbackUrl } from '~/server/utils/github-oauth'
 import { requireProjectCategoryAccessBySlug } from '~/server/utils/project-categories'
@@ -44,7 +45,7 @@ export default defineEventHandler(async (event) => {
     })
   }
 
-  await requireProjectCategoryAccessBySlug(event, stateCookie.projectSlug)
+  const { project } = await requireProjectCategoryAccessBySlug(event, stateCookie.projectSlug)
 
   const clientId = process.env.GITHUB_CLIENT_ID
   const clientSecret = process.env.GITHUB_CLIENT_SECRET
@@ -97,6 +98,8 @@ export default defineEventHandler(async (event) => {
     path: '/',
   })
 
+  await persistGithubIntegrationAccessToken(project.id, tokenBody.access_token)
+
   setCookie(event, 'veerify_github_oauth_token', tokenBody.access_token, {
     httpOnly: true,
     secure: process.env.NODE_ENV === 'production',

server/api/feedback/[id]/comments.post.ts

@@ -4,7 +4,7 @@ import { createErrorResponse, createSuccessResponse, ErrorCode } from '~/server/
 import { optionalAuth } from '~/server/utils/auth-middleware'
 import { requirePublicProject, requireProjectAccess } from '~/server/utils/project-access'
 import { getOrCreateAnonSession } from '~/server/utils/anonymous-session'
-import { validateBody } from '~/server/utils/validation'
+import { validateBody, optionalTrimmedEmail, optionalTrimmedString } from '~/server/utils/validation'
 import { requireRateLimit, rateLimits } from '~/server/utils/rate-limit'
 import { db } from '~/server/database/drizzle'
 import { feedback, feedbackComment, feedbackSubscription } from '~/server/database/schema/feedback'
@@ -15,8 +15,8 @@ const createCommentSchema = z.object({
   body: z.string().min(1, 'Comment body is required').max(5000, 'Comment too long'),
   parentCommentId: z.string().optional().nullable(),
   isInternal: z.boolean().optional().default(false),
-  authorName: z.string().min(1).max(100).optional(),
-  authorEmail: z.string().email().optional(),
+  authorName: optionalTrimmedString(100),
+  authorEmail: optionalTrimmedEmail(),
 })
 
 export default defineEventHandler(async (event) => {

server/api/feedback/index.post.ts

@@ -3,7 +3,7 @@ import { eq } from 'drizzle-orm'
 import { createErrorResponse, createSuccessResponse, ErrorCode } from '~/server/utils/response'
 import { optionalAuth } from '~/server/utils/auth-middleware'
 import { getOrCreateAnonSession } from '~/server/utils/anonymous-session'
-import { validateBody } from '~/server/utils/validation'
+import { validateBody, optionalTrimmedEmail, optionalTrimmedString } from '~/server/utils/validation'
 import { requirePublicProject, requireProjectAccess } from '~/server/utils/project-access'
 import { requireRateLimit, rateLimits } from '~/server/utils/rate-limit'
 import { db } from '~/server/database/drizzle'
@@ -23,8 +23,8 @@ const createFeedbackSchema = z.object({
   projectId: z.string().min(1, 'Project ID is required'),
   categoryId: z.string().optional().nullable(),
   feedbackType: z.enum(['feature_request', 'bug_report', 'improvement', 'question', 'other']).optional(),
-  authorName: z.string().min(1).max(100).optional(),
-  authorEmail: z.string().email().optional(),
+  authorName: optionalTrimmedString(100),
+  authorEmail: optionalTrimmedEmail(),
 })
 
 function createGitHubHeaders(accessToken: string) {

server/api/projects/[slug]/github.get.ts

@@ -1,6 +1,7 @@
 import { eq } from 'drizzle-orm'
 import { db } from '~/server/database/drizzle'
 import { githubIntegration } from '~/server/database/schema/feedback'
+import { hasGithubIntegrationAccessToken } from '~/server/utils/github-integration'
 import { createSuccessResponse } from '~/server/utils/response'
 import { requireProjectCategoryAccess } from '~/server/utils/project-categories'
 
@@ -13,6 +14,8 @@ export default defineEventHandler(async (event) => {
     .where(eq(githubIntegration.projectId, project.id))
     .limit(1)
 
+  const oauthToken = getCookie(event, 'veerify_github_oauth_token')
+
   if (!integration) {
     return createSuccessResponse(null)
   }
@@ -25,7 +28,10 @@ export default defineEventHandler(async (event) => {
     syncEnabled: integration.syncEnabled,
     autoCreateIssues: integration.autoCreateIssues,
     autoSyncStatus: integration.autoSyncStatus,
-    hasAccessToken: Boolean(integration.accessToken),
+    hasAccessToken: hasGithubIntegrationAccessToken({
+      persistedAccessToken: integration.accessToken,
+      oauthToken,
+    }),
     updatedAt: integration.updatedAt,
   })
 })

server/api/public/t/[teamSlug]/[projectSlug]/feedback.post.ts

@@ -3,7 +3,7 @@ import { eq, and } from 'drizzle-orm'
 import { createSuccessResponse } from '~/server/utils/response'
 import { optionalAuth } from '~/server/utils/auth-middleware'
 import { getOrCreateAnonSession } from '~/server/utils/anonymous-session'
-import { validateBody } from '~/server/utils/validation'
+import { validateBody, optionalTrimmedEmail, optionalTrimmedString } from '~/server/utils/validation'
 import { resolvePublicProjectByTeam } from '~/server/utils/project-access'
 import { createErrorResponse, ErrorCode } from '~/server/utils/response'
 import { requireRateLimit, rateLimits } from '~/server/utils/rate-limit'
@@ -14,8 +14,8 @@ const submitFeedbackSchema = z.object({
   title: z.string().min(1, 'Title is required').max(200, 'Title too long'),
   body: z.string().min(1, 'Description is required').max(5000, 'Description too long'),
   categoryId: z.string().optional().nullable(),
-  authorName: z.string().min(1, 'Name is required').max(100).optional(),
-  authorEmail: z.string().email('Invalid email').optional(),
+  authorName: optionalTrimmedString(100, 'Name too long'),
+  authorEmail: optionalTrimmedEmail('Invalid email'),
 })
 
 export default defineEventHandler(async (event) => {

server/utils/github-integration.ts

@@ -0,0 +1,34 @@
+import { eq } from 'drizzle-orm'
+import { db } from '../database/drizzle'
+import { githubIntegration } from '../database/schema/feedback'
+
+type GithubIntegrationUpdateClient = Pick<typeof db, 'update'>
+
+export function hasGithubIntegrationAccessToken(params: {
+  persistedAccessToken?: string | null
+  oauthToken?: string | null
+}) {
+  return Boolean(params.oauthToken || params.persistedAccessToken)
+}
+
+export async function persistGithubIntegrationAccessToken(
+  projectId: string,
+  accessToken: string,
+  updatedAt: Date = new Date(),
+  database: GithubIntegrationUpdateClient = db
+) {
+  if (!projectId || !accessToken) {
+    return false
+  }
+
+  const updated = await database
+    .update(githubIntegration)
+    .set({
+      accessToken,
+      updatedAt,
+    })
+    .where(eq(githubIntegration.projectId, projectId))
+    .returning({ id: githubIntegration.id })
+
+  return updated.length > 0
+}

server/utils/validation.ts

@@ -7,6 +7,29 @@ import { z } from 'zod'
 import type { H3Event } from 'h3'
 import { ErrorCode, createErrorResponse } from './response'
 
+function normalizeOptionalStringValue(value: unknown) {
+  if (typeof value !== 'string') {
+    return value
+  }
+
+  const trimmed = value.trim()
+  return trimmed.length > 0 ? trimmed : undefined
+}
+
+export function optionalTrimmedString(maxLength: number, tooLongMessage?: string) {
+  return z.preprocess(
+    normalizeOptionalStringValue,
+    z.string().max(maxLength, tooLongMessage || `Must be ${maxLength} characters or fewer`).optional()
+  )
+}
+
+export function optionalTrimmedEmail(invalidMessage?: string) {
+  return z.preprocess(
+    normalizeOptionalStringValue,
+    z.string().email(invalidMessage || 'Invalid email format').optional()
+  )
+}
+
 /**
  * Validates request body against a Zod schema
  * @param event - H3 event