I have a website that displays records from a database. I have set up a feedback form so if someone spots a mistake in a record, they can report it so it can be set right. I use a GitHub Personal Access Token (PAT) to create a GitHub issue when the form is submitted, and then the appropriate team member is notified. It all works fine, but my questions:
This is potentially opening up the possibility of spam issues being created. How can I catch that? I have also set up a question-answer barrier before the user can submit the form (to determine it is not a robot trying to create fake issues) but, of course, this is not fool-proof.
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
Any other gotchas I should be aware of before I unroll this to public users?
The PATs seem to expire after a certain period of time. Is there a way to generate a PAT that lasts a long time?
As documented, a PAT only expires if you selected an expiration period at its creation:
For creating issues, make sure you have selected only the scope public_repo or repo permission on your Personal Access Token. public_repo will only grant the ability to manipulate public repositories.

Not sure about issue spam, except for reporting those when you see them.
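An added example, not part of the original answer: a Python check that audits a classic PAT from the headers GitHub returns on any authenticated API response (for example `GET https://api.github.com/user`), flagging scopes beyond `public_repo`/`repo` and reporting expiry. It assumes the `X-OAuth-Scopes` and `GitHub-Authentication-Token-Expiration` headers and the timestamp formats noted in the comments; the function names and sample headers are constructed for illustration.

```python
from datetime import datetime, timezone

# Scopes the answer above names as sufficient for creating issues.
ALLOWED_SCOPES = {"public_repo", "repo"}

# Constructed sample headers (not captured from a real token).
SAMPLE_NARROW = {
    "X-OAuth-Scopes": "public_repo",
    "GitHub-Authentication-Token-Expiration": "2030-01-31 00:00:00 UTC",
}
SAMPLE_BROAD = {"X-OAuth-Scopes": "repo, workflow, delete_repo"}


def parse_expiration(value):
    """Parse the expiration header; None means no expiration was selected."""
    if not value:
        return None
    text = value.strip()
    # Assumed formats: "2030-01-31 00:00:00 UTC" or "2030-01-31 00:00:00 +0000".
    if text.endswith(" UTC"):
        text = text[:-4] + " +0000"
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S %z")


def audit_token_headers(headers, now, warn_days=14):
    """Return a list of findings for a classic PAT, given API response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "x-oauth-scopes" not in h:
        findings.append("no scope header: not a classic PAT response")
    else:
        scopes = {s.strip() for s in h["x-oauth-scopes"].split(",") if s.strip()}
        extra = sorted(scopes - ALLOWED_SCOPES)
        if extra:
            findings.append("excess scopes: " + ", ".join(extra))
        if not scopes & ALLOWED_SCOPES:
            findings.append("missing public_repo or repo: cannot create issues")
    expires = parse_expiration(h.get("github-authentication-token-expiration"))
    if expires is None:
        findings.append("no expiration set")
    else:
        days_left = (expires - now).days
        if days_left < 0:
            findings.append("expired")
        elif days_left < warn_days:
            findings.append(f"expires in {days_left} days")
    return findings
```

Run it on a schedule with `now=datetime.now(timezone.utc)` so the feedback form does not silently stop creating issues when the token lapses.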