RocketChat · srijnabhargav · Mar 21, 2026 · Mar 21, 2026 · Mar 27, 2026 · Mar 27, 2026
diff --git a/package.json b/package.json
@@ -29,7 +29,8 @@
     "start": "npm run build && NODE_ENV=development webpack-dev-server --host 0.0.0.0 --open --hot --config build/webpack.config.js",
     "build": "npm --prefix admin run build && NODE_ENV=production webpack --config build/webpack.config.js",
     "serve": "cd src/server && NODE_ENV=development node app.js",
-    "lint": "eslint ."
+    "lint": "eslint .",
+    "test": "node --test 'test/**/*.test.js'"
   },
   "husky": {
     "hooks": {

diff --git a/src/server/app.js b/src/server/app.js
@@ -26,6 +26,23 @@ const websocketProxyOption = {
     changeOrigin: true,
 }
 
+function sendJson(res, statusCode, payload) {
+    res.statusCode = statusCode
+    res.setHeader('Content-Type', 'application/json')
+    res.end(JSON.stringify(payload))
+}
+
+function readJsonFileOr500(res, filePath, callback) {
+    jsonfile.readFile(filePath, (err, obj) => {
+        if (err) {
+            console.log('[ERROR]' + err)
+            sendJson(res, 500, { message: 'Failed to read server data' })
+            return
+        }
+        callback(obj)
+    })
+}
+
 Object.defineProperty(Array.prototype, 'flat', {
     value: function (depth = 1) {
         return this.reduce(function (flat, toFlatten) {
@@ -59,6 +76,12 @@ const refresh = spawn('node', ['refresh.js'], {
     shell: true,
     stdio: 'inherit',
 })
+refresh.on('exit', (code) => {
+    console.log(`[ERROR] refresh.js exited with code ${code}. Leaderboard data may become stale.`)
+})
+refresh.on('error', (err) => {
+    console.log(`[ERROR] Failed to start refresh.js: ${err.message}`)
+})
 process.on('exit', () => {
     refresh.kill() // kill it when exit
 })
@@ -71,15 +94,13 @@ const server = http
         switch (route) {
         case '/data':
             res.setHeader('Cache-Control', 'no-store')
-            jsonfile.readFile(dataPath, (err, obj) => {
-                if (err) console.log('[ERROR]' + err)
+            readJsonFileOr500(res, dataPath, (obj) => {
                 res.end(JSON.stringify(obj))
             })
             break
         case '/log':
             res.setHeader('Cache-Control', 'no-store')
-            jsonfile.readFile(logPath, (err, obj) => {
-                if (err) console.log('[ERROR]' + err)
+            readJsonFileOr500(res, logPath, (obj) => {
                 res.end(JSON.stringify(obj))
             })
             break
@@ -104,7 +125,7 @@ const server = http
             )
             var contributorsList = []
 
-            Util.post(req, async (params) => {
+            Util.post(req, res, async (params) => {
                 const { token } = params
                 if (token === adminPassword) {
                     await Promise.all(
@@ -176,7 +197,7 @@ const server = http
                 return
             }
 
-            Util.post(req, (params) => {
+            Util.post(req, res, (params) => {
                 const { token, includedRepositories } = params
 
                 if (token !== adminPassword) {
@@ -197,7 +218,7 @@ const server = http
                 res.end('Permission denied\n')
                 return
             }
-            Util.post(req, (params) => {
+            Util.post(req, res, (params) => {
                 const { token, startDate } = params
 
                 if (token !== adminPassword) {
@@ -219,7 +240,7 @@ const server = http
                 return
             }
 
-            Util.post(req, (params) => {
+            Util.post(req, res, (params) => {
                 const { token, interval } = params
 
                 if (token !== adminPassword) {
@@ -241,7 +262,7 @@ const server = http
                 return
             }
 
-            Util.post(req, (params) => {
+            Util.post(req, res, (params) => {
                 const { token, username } = params
 
                 if (token !== adminPassword) {
@@ -272,7 +293,7 @@ const server = http
                 return
             }
 
-            Util.post(req, (params) => {
+            Util.post(req, res, (params) => {
                 const { token, username } = params
 
                 if (token !== adminPassword) {
@@ -288,6 +309,10 @@ const server = http
                     API.getContributorAvatar(username).then((result) => {
                         if (result === '') {
                             res.end(JSON.stringify({ message: 'Not found' }))
+                        } else if (!result) {
+                            res.end(JSON.stringify({
+                                message: 'Unable to fetch contributor profile. Check GitHub token and network connectivity.',
+                            }))
                         } else {
                             // Add this contributor in config.json
                             Config.contributors.unshift(username)
@@ -332,8 +357,7 @@ const server = http
                 return
             }
 
-            jsonfile.readFile(dataPath, async (err, obj) => {
-                if (err) console.log('[ERROR]' + err)
+            readJsonFileOr500(res, dataPath, async (obj) => {
                 res.end(JSON.stringify(await API.getStats(obj)))
             })
             break
@@ -343,8 +367,7 @@ const server = http
                 return
             }
 
-            jsonfile.readFile(dataPath, async (err, obj) => {
-                if (err) console.log('[ERROR]' + err)
+            readJsonFileOr500(res, dataPath, async (obj) => {
                 const query = url.parse(req.url, true).query
 
                 // Gets list of contributors sorted by parameter if provided
@@ -381,8 +404,7 @@ const server = http
                 return
             }
 
-            jsonfile.readFile(dataPath, async (err, obj) => {
-                if (err) console.log('[ERROR]' + err)
+            readJsonFileOr500(res, dataPath, async (obj) => {
                 const query = url.parse(req.url, true).query
 
                 if (query.username) {

diff --git a/src/server/refresh.js b/src/server/refresh.js
@@ -28,8 +28,8 @@ if (fs.existsSync(logPath)) {
 async function getAllContributorsInfo() {
     let Config = jsonfile.readFileSync(configPath)
     let organization = Config.organization
-    let contributors = Config.contributors
-    let includedRepositories = Config.includedRepositories
+    let contributors = Array.isArray(Config.contributors) ? Config.contributors : []
+    let includedRepositories = Array.isArray(Config.includedRepositories) ? Config.includedRepositories : []
 
     interval = contributors.length < 150 ? 150 : (contributors.length + 10) // update interval
 
@@ -40,11 +40,12 @@ async function getAllContributorsInfo() {
 
         await Promise.delay(delay * 1000)
 
-        API.getContributorInfo(organization, contributor, includedRepositories).then( res => {
+        try {
+            const res = await API.getContributorInfo(organization, contributor, includedRepositories)
             Config = jsonfile.readFileSync(configPath) // update Config
             delay = Config.delay // update delay
 
-            if (res.avatarUrl !== '' && res.issuesNumber !== -1 && res.mergedPRsNumber !== -1 && res.openPRsNumber != -1) {
+            if (res && res.avatarUrl !== '' && res.issuesNumber !== -1 && res.mergedPRsNumber !== -1 && res.openPRsNumber !== -1) {
 
                 dataBuffer = jsonfile.readFileSync(dataPath)
 
@@ -57,8 +58,12 @@ async function getAllContributorsInfo() {
                         if (err) console.error(err)
                     })
                 }
+            } else {
+                console.log(`[WARNING] Skipped update for ${contributor}. Check GitHub token, rate limit, or network status.`)
             }
-        })
+        } catch (err) {
+            console.log(`[ERROR] Failed to update ${contributor}: ${err && err.message ? err.message : err}`)
+        }
 
         // Record time
         logBuffer.endtime = Date.now()
@@ -70,4 +75,4 @@ async function getAllContributorsInfo() {
 }
 
 getAllContributorsInfo()
-setInterval(getAllContributorsInfo, interval * delay * 1000)
+setInterval(getAllContributorsInfo, interval * delay * 1000)
diff --git a/src/server/util/API.js b/src/server/util/API.js
@@ -4,6 +4,19 @@ const chalk = require('chalk')
 
 const BASEURL = 'https://github.com'
 const APIHOST = 'https://api.github.com'
+let hasLoggedBadCredentials = false
+
+function getRateLimitResetMessage(headers) {
+    const resetHeader = headers && headers['x-ratelimit-reset']
+    if (!resetHeader) {
+        return ''
+    }
+    const resetTime = Number(resetHeader) * 1000
+    if (!Number.isFinite(resetTime)) {
+        return ''
+    }
+    return ` Retry after ${new Date(resetTime).toISOString()}.`
+}
 
 async function get(url, _authToken) {
     try {
@@ -23,25 +36,40 @@ async function get(url, _authToken) {
         })
     } catch (err) {
         if (err.code === 'ECONNABORTED') {
-            console.log(chalk.yellow('[WARNING] Time Out.'))
+            console.log(chalk.yellow('[WARNING] GitHub API request timed out.'))
             return
         }
         if (err.response !== undefined) {
             const message = err.response.data.message
-            switch (message) {
-            case 'Bad credentials':
+            if (message === 'Bad credentials') {
+                if (!hasLoggedBadCredentials) {
+                    console.log(
+                        chalk.red(
+                            '[ERROR] GitHub token is invalid or expired. Please update src/server/config.json (authToken) and restart the server.'
+                        )
+                    )
+                    hasLoggedBadCredentials = true
+                }
+                return
+            }
+            if (message && message.indexOf('API rate limit exceeded') === 0) {
                 console.log(
-                    chalk.red(
-                        '[ERROR] Your GitHub Token is not correct! Please check it in the config.json.'
+                    chalk.yellow(
+                        '[WARNING] GitHub API rate limit exceeded.' +
+                            getRateLimitResetMessage(err.response.headers)
                     )
                 )
-                process.exit()
-                break
-            default:
-                console.log(chalk.yellow('[WARNING] ' + message))
+                return
             }
+            console.log(chalk.yellow('[WARNING] ' + message))
         } else {
-            console.log(err)
+            console.log(
+                chalk.yellow(
+                    `[WARNING] GitHub API request failed: ${
+                        err.message || 'Unknown network error'
+                    }`
+                )
+            )
         }
     }
 }
@@ -130,6 +158,9 @@ async function getContributorInfo(
     contributor,
     includedRepositories
 ) {
+    if (!Array.isArray(includedRepositories)) {
+        includedRepositories = []
+    }
     const home = BASEURL + '/' + contributor
     const avatarUrl = await getContributorAvatar(contributor)
     let OpenPRsURL = `/search/issues?q=is:pr+author:${contributor}+is:Open+created:>=${Config.startDate}`

diff --git a/src/server/util/Util.js b/src/server/util/Util.js
@@ -1,4 +1,4 @@
-function post(req, callback) {
+function post(req, res, callback) {
     if(req.method === 'POST') {
         let body = ''
 
@@ -10,6 +10,9 @@ function post(req, callback) {
             try {
                 callback(JSON.parse(body))
             } catch (ex) {
+                res.statusCode = 400
+                res.setHeader('Content-Type', 'application/json')
+                res.end(JSON.stringify({ message: 'Invalid JSON body' }))
                 return
             }
         })

diff --git a/test/.eslintrc b/test/.eslintrc
@@ -0,0 +1,8 @@
+{
+    "env": {
+        "node": true
+    },
+    "globals": {
+        "test": "readonly"
+    }
+}
diff --git a/test/README.md b/test/README.md
@@ -0,0 +1,15 @@
+# Regression tests
+
+This directory holds **automated regression tests** for server behavior (starting with invalid JSON handling for admin `POST` bodies and related error-handling work).
+
+Tests are run with Node’s built-in test runner (`node --test`). **Node.js 18+** is required.
+
+`npm test` runs `test/**/*.test.js` so new files can be added without changing the script.
+
+Some tests were initially drafted with AI assistance; they are **kept in the repository on purpose** so the project builds a lasting regression suite instead of generating tests only to discard them after a green run.
+
+From the repo root:
+
+```bash
+npm test
+```
diff --git a/test/util-post.test.js b/test/util-post.test.js
@@ -0,0 +1,39 @@
+const { test } = require('node:test')
+const assert = require('assert')
+const { EventEmitter } = require('events')
+const Util = require('../src/server/util/Util')
+
+test('Util.post sends 400 JSON when body is not valid JSON', async () => {
+    const req = new EventEmitter()
+    req.method = 'POST'
+
+    let settle
+    const done = new Promise((resolve) => {
+        settle = resolve
+    })
+
+    const res = {
+        statusCode: 200,
+        headers: {},
+        setHeader(name, value) {
+            this.headers[name] = value
+        },
+        end(payload) {
+            this.body = payload
+            settle()
+        }
+    }
+
+    Util.post(req, res, () => {
+        assert.fail('callback must not run when JSON.parse throws')
+    })
+
+    req.emit('data', Buffer.from('{not-json'))
+    req.emit('end')
+
+    await done
+
+    assert.strictEqual(res.statusCode, 400)
+    assert.strictEqual(res.headers['Content-Type'], 'application/json')
+    assert.deepStrictEqual(JSON.parse(res.body), { message: 'Invalid JSON body' })
+})