🚀 Feature: GitHub Repository Sync (SPA-13)

This PR implements the backend synchronization flow to fetch and store a user's GitHub repositories. This allows users to import their projects into Colabs and selectively mark public repositories for collaboration.

🛠️ Key Changes

🗄️ Database Schema

• User Model: Added githubAccessToken, githubRefreshToken, and lastSyncedAt to support authenticated API requests and enforce sync rate limits.
• Project Model: Added isCollaborative boolean flag (default: false) to control public visibility in the project gallery.

🔐 Authentication

• Updated the GitHub OAuth strategy (auth.strategy.ts) to capture and persist access and refresh tokens during the user login/upsert process.

🌐 GitHub API Integration (src/lib/github.ts)

• Dynamic Client: Refactored the API client to support per-user authorization tokens instead of relying solely on a global system token.
• Pagination: Implemented robust link-based pagination in fetchUserRepositories to ensure all repositories are fetched regardless of count.

🔄 Sync Logic & API

• New Endpoint: POST /api/projects/sync-repos — allows users to manually trigger a repository sync.
• Rate Limiting: Implemented a user-based cooldown period (15 minutes) using the lastSyncedAt timestamp to prevent API abuse.
• Idempotent Upserts: Used a "Fetch $\to$ Map $\to$ Upsert" pattern. Repositories are upserted based on their githubRepoUrl to prevent duplicates while keeping metadata (stars, forks, etc.) up to date.
• Visibility Control: Updated listProjects to filter the public gallery by isCollaborative: true, while ensuring users can still see all their own projects regardless of the flag.

🧪 Verification Plan (For Reviewer)

• Auth Flow: Log in via GitHub and verify that the access token is correctly stored in the User table.
• Sync Trigger: Call POST /api/projects/sync-repos and verify that repositories are created/updated in the Project table.
• Rate Limit: Attempt to trigger the sync twice within 15 minutes; verify the second request returns a 429 Too Many Requests error.
• Public Visibility:
  • Verify that a project with isCollaborative: false is hidden from the public GET /api/projects list.
  • Verify that setting isCollaborative: true makes it visible.
• Pagination: Test with an account having >100 repositories to ensure the pagination logic captures everything.

⚠️ Deployment Note

This PR includes a database migration. Please ensure npx prisma migrate dev is run to apply the new columns to the User and Project tables.