using Github personal access token on a public website
I have a website that displays records from a database. I have set up a feedback form so if someone spots a mistake in a record, they can report it so it can be set right. I use a Github Personal Access Token (PAT) to create a Github issue when the form is submitted, and then the appropriate team member is notified. It all works fine, but my questions:
This is potentially opening up the possibility of spam issues being created. How can I catch that? I have also set up a question-answer barrier before the user can submit the form (to determine it is not a robot trying to create fake issues) but, of course, this is not fool-proof.
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
Any other gotchas I should be aware of before I unroll this to public users?
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
As documented, a PAT only expires if you selected an expiration period at its creation:
For creating issues, make sure you have selected only the scope public_repo or repo permission on your Personal Access Token.
public_repowill only grant the ability to manipulate public repositories.- repo will grant the ability to manipulate all repositories you have access to.
Note sure about issue spam, except for reporting those when you see them.
- npm install private github repositories by dependency in package.json
- github Readme - reference issue
- How to "cancel run" for all scheduled github actions at once?
- how to - github two factor authentication with eclipse
- Command to get/clone a fetch/pull/read -only copy of a git repository?
- What is the public URL for the Github public keys
- Unable to deploy flutter project to Github Pages
- Who is allowed to transfer a repo ownership
- How to set up GitHub credentials for an Organization in Jenkins?
- local cache for a github repository?
- Create NuGet Package with GitHub Actions
- gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
- How to make GitHub desktop use ssh by default?
- Force dependabot to scan my github repo without open PRs
- Cannot upload files for release in Github
- How to create a commit status in GitHub?
- How to create a folder in GitHub Actions?
- git lfs "objects" taking a lot of disk space
- GitHub Copilot - please login to github and try again
- Access Jenkins github-webhook script to change GitHub URL
- fatal: unable to access ".....": gnutls_handshake() failed: Handshake failed
- How to unfork a GitHub repository?
- How to store GitHub wiki as part of source
- markdown latex driving me crazy with hugo on github
- Clone a repository from GitHub Enterprise with go-git
- How can I cherry-pick only changes to certain files?
- Git - Pushing code to two remotes
- Add-AppxPackage : Deployment failed with HRESULT: 0x80073CF3, Package failed updates, dependency or conflict
- how to get all GitHub pages from repos associated to a username
- How to add color to GitHub's README.md file