feat(cli)!: convert update subcommand to --update flag

BREAKING CHANGE: The 'update' subcommand is replaced with flags: - Use '--update' to update all cached repositories - Use '--update --repo owner/repo' to update a specific repo - Searching for 'update' keyword now works: 'gh-celebs update'
security: ignore config.toml to prevent token leaks
2026-03-23 17:57:42 +02:00 · 2026-03-23 17:52:14 +02:00 · 2026-03-23 17:51:50 +02:00 · 2026-03-23 17:51:50 +02:00
5 changed files with 64 additions and 42 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,8 @@
 /target
 IMPLEMENTATION_PLAN.md
+
+# Config files that may contain GitHub tokens
+# Note: User config files are stored in platform-specific directories outside the repo
+# (e.g., ~/.config/gh-celebs/config.toml on Linux)
+# This prevents accidental commits if someone creates config.toml in the project root
+/config.toml
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -1,13 +1,10 @@
-use clap::{Parser, Subcommand};
+use clap::Parser;

 #[derive(Parser)]
 #[command(name = "gh-celebs")]
 #[command(about = "A fast CLI tool for searching GitHub repositories by popularity")]
 #[command(version)]
 pub struct Cli {
-    #[command(subcommand)]
-    pub command: Option<Commands>,
-
    #[arg(help = "Search query", value_name = "QUERY")]
    pub query: Option<String>,

@@ -16,15 +13,13 @@ pub struct Cli {

    #[arg(long, help = "Output results as JSON")]
    pub json: bool,
-}

-#[derive(Subcommand)]
-pub enum Commands {
-    #[command(about = "Update cached repositories")]
-    Update {
-        #[arg(
-            help = "Repository to update (format: owner/repo). If not specified, updates all cached repos."
-        )]
-        repo: Option<String>,
-    },
+    #[arg(long, help = "Update cached repositories")]
+    pub update: bool,
+
+    #[arg(
+        long,
+        help = "Repository to update (format: owner/repo). Requires --update"
+    )]
+    pub repo: Option<String>,
 }
--- a/src/github.rs
+++ b/src/github.rs
@@ -11,6 +11,22 @@ pub struct GitHubClient {

 impl GitHubClient {
    pub fn new(token: Option<String>) -> Result<Self> {
+        // Validate token format if provided
+        if let Some(ref t) = token {
+            if !t.is_empty() {
+                // GitHub classic tokens start with 'ghp_'
+                // Fine-grained tokens start with 'github_pat_'
+                // OAuth tokens don't have a specific prefix
+                let is_valid_format = t.starts_with("ghp_") || 
+                                      t.starts_with("github_pat_") ||
+                                      t.len() >= 20; // Generic check for reasonable token length
+                
+                if !is_valid_format {
+                    anyhow::bail!("Invalid GitHub token format. Token should start with 'ghp_' (classic) or 'github_pat_' (fine-grained)");
+                }
+            }
+        }
+
        let mut headers = HeaderMap::new();
        headers.insert(USER_AGENT, HeaderValue::from_static("gh-celebs"));
        headers.insert(ACCEPT, HeaderValue::from_static("application/vnd.github.v3+json"));
--- a/src/main.rs
+++ b/src/main.rs
@@ -11,7 +11,7 @@ use clap::Parser;
 use directories::ProjectDirs;
 use std::path::PathBuf;

-use crate::cli::{Cli, Commands};
+use crate::cli::Cli;
 use crate::config::Config;
 use crate::db::Database;
 use crate::github::GitHubClient;
@@ -51,38 +51,35 @@ async fn main() -> Result<()> {
    let github = GitHubClient::new(config.github.token)?;
    let search_engine = SearchEngine::new(db, github);

-    match cli.command {
-        Some(Commands::Update { repo }) => {
-            if let Some(repo_name) = repo {
-                let rate_limit = search_engine.update_single(&repo_name).await?;
-                if rate_limit.remaining < 3 {
-                    eprintln!("Warning: Rate limit running low ({} remaining)", rate_limit.remaining);
-                }
-            } else {
-                let rate_limit = search_engine.update_all().await?;
-                if rate_limit.remaining < 3 {
-                    eprintln!("Warning: Rate limit running low ({} remaining)", rate_limit.remaining);
-                }
+    if cli.update {
+        if let Some(repo_name) = cli.repo {
+            let rate_limit = search_engine.update_single(&repo_name).await?;
+            if rate_limit.remaining < 3 {
+                eprintln!("Warning: Rate limit running low ({} remaining)", rate_limit.remaining);
+            }
+        } else {
+            let rate_limit = search_engine.update_all().await?;
+            if rate_limit.remaining < 3 {
+                eprintln!("Warning: Rate limit running low ({} remaining)", rate_limit.remaining);
            }
        }
-        None => {
-            let query = cli.query.ok_or_else(|| {
-                anyhow::anyhow!("Query is required when not using a subcommand")
-            })?;
+    } else {
+        let query = cli.query.ok_or_else(|| {
+            anyhow::anyhow!("Query is required. Use --update to update cached repositories.")
+        })?;

-            let response = search_engine.search(&query, cli.limit).await?;
+        let response = search_engine.search(&query, cli.limit).await?;

-            if cli.json {
-                let json = OutputFormatter::format_json(&response)?;
-                println!("{}", json);
-            } else {
-                let text = OutputFormatter::format_text(&response)?;
-                println!("{}", text);
-            }
+        if cli.json {
+            let json = OutputFormatter::format_json(&response)?;
+            println!("{}", json);
+        } else {
+            let text = OutputFormatter::format_text(&response)?;
+            println!("{}", text);
+        }

-            if response.api_remaining < 3 {
-                eprintln!("Warning: GitHub API rate limit running low ({} remaining)", response.api_remaining);
-            }
+        if response.api_remaining < 3 {
+            eprintln!("Warning: GitHub API rate limit running low ({} remaining)", response.api_remaining);
        }
    }

--- a/src/search.rs
+++ b/src/search.rs
@@ -3,6 +3,8 @@ use crate::github::GitHubClient;
 use crate::models::{RateLimitInfo, Repo, SearchResponse, SearchResult};
 use anyhow::Result;
 use std::collections::HashMap;
+use std::time::Duration;
+use tokio::time::sleep;

 pub struct SearchEngine {
    db: Database,
@@ -105,6 +107,12 @@ impl SearchEngine {
            if last_rate_limit.remaining < 3 {
                println!("\nWarning: Rate limit running low ({} remaining)", last_rate_limit.remaining);
            }
+
+            // Client-side rate limiting: wait 3 seconds between requests
+            // This respects both anonymous (10/min = 6s) and authenticated (30/min = 2s) limits
+            if idx < total - 1 {
+                sleep(Duration::from_secs(3)).await;
+            }
        }

        println!("\n✓ Updated {} repositories", total);
Author	SHA1	Message	Date
Jonathan Agmon	5f645f884d	feat(cli)!: convert update subcommand to --update flag BREAKING CHANGE: The 'update' subcommand is replaced with flags: - Use '--update' to update all cached repositories - Use '--update --repo owner/repo' to update a specific repo - Searching for 'update' keyword now works: 'gh-celebs update'	2026-03-23 17:57:42 +02:00
Jonathan Agmon	23775e3c67	security: ignore config.toml to prevent token leaks	2026-03-23 17:52:14 +02:00
Jonathan Agmon	9b31be5457	security: add GitHub token format validation	2026-03-23 17:51:50 +02:00
Jonathan Agmon	1dbf7e33f9	security: add client-side rate limiting to update_all command	2026-03-23 17:51:50 +02:00