
Can I get code from a private GitHub repository using a GET Request?

I'm building a website and I want to have some simple authentication. I know this isn't the safest method, but I want something quick and simple. Also, there's no sensitive data on the website that needs extremely secure authentication.

Here's the method I want to use:

I have a private GitHub repo, where there is a JSON file with a person's credentials in this format:

{
    "admin": {
        "username": "USERNAME_HERE",
        "password": "PASSWORD_HERE",
        "id": 7777
    }
}

When a user tries to log in, is there a way a request can get the data from the JSON file? I tried using raw.githubusercontent.com (raw code) but since the repo is private, there's an access token needed at the end of the URL. The access token also expires in some time and a new one is needed.

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
    // readyState 4 = request finished; status 200 = OK
    if (this.readyState == 4 && this.status == 200) {
        console.log(xhttp.response);
        let a = JSON.parse(xhttp.response);
    }
};
// The token is part of the URL, so anyone who views the page source can read it.
xhttp.open("GET", "https://raw.githubusercontent.com/username/repo/master/json/data.json?token=MY_TOKEN", true);
xhttp.send();

This works for some time, but then the token expires and the token is also visible within the source code so that method's a no.

If there is some permanent type of token that I can use, I also need to hide it from the source code.

If I can't do this, then is there any way I could host a file online, and be the only one with access to it, perhaps with a token? And it would be nice if I could get some ideas on how I can hide a token from the source code.

> I know this isn't the safest method, but I want something quick and simple.

It isn't remotely safe, nor quick, nor simple.

> When a user tries to log in, is there a way a request can get the data from the JSON file?

Use the GitHub API to read the file (this will require them to authenticate against GitHub as a user who has permission to read your repository which makes the whole thing awful).

> If I can't do this, then is there any way I could host a file online, and be the only one with access to it, perhaps with a token?

Any kind of server-side authentication system will do that.

> And it would be nice if I could get some ideas on how I can hide a token from the source code.

The only way to do that would be to have the user type the token in (or use a password manager, etc).
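The server-side check the answer points to, as an added example that is not part of the original thread: a Node.js login endpoint (built-in modules only) where the credential record stays on the server as a salted scrypt hash and the browser only ever receives a yes/no result. The names `hashPassword`, `verifyLogin`, `createServer`, the `/login` route and the sample record are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Node.js, CommonJS, no dependencies.
const crypto = require("node:crypto");
const http = require("node:http");

// Store a salted scrypt hash, never the plaintext password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Constructed sample record; in practice this lives in a file or database
// that only the server process can read.
const USERS = { admin: { id: 7777, ...hashPassword("PASSWORD_HERE") } };

function verifyLogin(users, username, password) {
  const user = Object.hasOwn(users, username) ? users[username] : null;
  // Hash even for unknown users so response time does not reveal valid names.
  const salt = Buffer.from(user ? user.salt : "00".repeat(16), "hex");
  const expected = Buffer.from(user ? user.hash : "00".repeat(32), "hex");
  const actual = crypto.scryptSync(String(password), salt, 32);
  return crypto.timingSafeEqual(actual, expected) && user !== null;
}

// The browser POSTs {"username": "...", "password": "..."} to /login and
// gets back only {"ok": true|false}; no token or credential reaches the page.
function createServer(users = USERS) {
  return http.createServer((req, res) => {
    if (req.method !== "POST" || req.url !== "/login") {
      res.writeHead(404).end();
      return;
    }
    let body = "";
    req.on("data", (c) => { body += c; if (body.length > 4096) req.destroy(); });
    req.on("end", () => {
      let ok = false;
      try {
        const { username, password } = JSON.parse(body);
        ok = typeof username === "string" && typeof password === "string" &&
             verifyLogin(users, username, password);
      } catch { /* malformed JSON is treated as a failed login */ }
      res.writeHead(ok ? 200 : 401, { "Content-Type": "application/json" });
      res.end(JSON.stringify({ ok }));
    });
  });
}
// To serve locally: createServer().listen(3000, "127.0.0.1");
```

A real deployment would run this behind HTTPS and issue a session cookie after a successful check, so the password is not re-sent on every request.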
