bug: /api/notify endpoint lacks rate limiting, Zod validation, and MONGODB_URI graceful degradation

[Tranquil666]

Description

The /api/notify POST endpoint has several gaps compared to other API routes in the project:

Problems

1. No rate limiting — Unlike /api/track-user which uses trackUserRateLimiter, the notify endpoint has no rate limiting, allowing spam of email registrations.

2. No Zod validation — Uses manual if (!username || !email) validation instead of Zod schemas, which is inconsistent with all other API routes that use Zod.

3. No MONGODB_URI graceful degradation — When MONGODB_URI is unset, it will crash with an unhandled error. Compare with /api/track-user which handles this explicitly.

4. No GitHub username format validation — The username field is not validated against GITHUB_USERNAME_REGEX.

5. Missing from middleware matcher — The endpoint is not listed in the middleware matcher (middleware.ts lines 57-63), so it also bypasses the global per-IP rate limiter.

Expected behavior

• Add rate limiting consistent with other endpoints
• Migrate to Zod schema validation using githubParamsSchema or a similar schema
• Add graceful handling when MONGODB_URI is not configured
• Validate GitHub username format
• Add the route to the middleware matcher

Files

• app/api/notify/route.ts
• middleware.ts (matcher config)

[github-actions]

👋 Hey @Tranquil666, welcome to CommitPulse! 🎉

Thanks for opening your first issue — we're glad you're here.

Before diving in, please take a moment to:

• 📖 Read the CONTRIBUTING.md guide
• 💬 Join our Discord community for faster support and collaboration
• 🏷️ Comment /claim on any open, unassigned issue you'd like to work on

A maintainer will review your issue shortly. Happy contributing! 🚀

[Ayush4958]

Hi @Tranquil666 ,

Could u confirm that are u working on this issue or not ,
If not I would like to start work on it

[Tranquil666]

Hey @Ayush4958

I will work on all the issues over here.

[github-actions]

👋 Hey @Tranquil666! Looks like you want to work on this issue — awesome! 🎉

We don't assign issues through comments like this. Here's how our system works:

🤖 How to Claim an Issue

Comment /claim on this issue and our bot will automatically assign it to you (if you're eligible).

/claim

📋 A Few Things to Know

• You can hold a maximum of 3 open issues at a time.
• If there's no activity for 3 days, the assignment will automatically expire so others can pick it up.
• Make sure to read our CONTRIBUTING.md before you start — it covers code style, commit conventions, and the PR checklist.

💬 Join Our Discord

Get faster help, collaborate with other contributors, and stay updated with project news:

Happy contributing! 🚀

[Tranquil666]

/claim

[github-actions]

🎉 Assigned! Welcome to the project, @Tranquil666.

⏳ Reminder: You have 2 days to submit a Pull Request. After 2 days of inactivity, you will be automatically unassigned to give others a chance (as per our GSSoC anti-hoarding policy).

💡 Please read CONTRIBUTING.md if you haven't already.

Happy coding! 🚀