New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Anonymous comments - [Feature request] #542
Comments
I think it's a great idea , but there is an issue about that. May be I will fork and do some change. I got and idea from other repo which is shown below I have seen an update based on this idea used in gitalk . The repo that implement the idea is gitalk-new His method is that saving accessToken in the file ,when visitor who want to comment , it will send the comment to the designated servers, let server to finish the comment's creation , and return to the front 。Here is how it can be done Create a new github account for anonymous commentsget Personal access token
Your must select the repo and user options in Scope. Post Message for anonymous commentswhen you set the anonymous_api,if user click on the button for anonymous comment , it will send a post request to anonymous_api
Authentication Request messagewhen people click to sign in , it will switch to this website
if it is succesfully authenticated it will return to the blog page with the perameter access_token which will be stored in localStorage and immediately delete it in the url this is how it work in gitalk-new. May it help the build of |
Both the user logged into github and anonymous (through a bot) manage to open issues, so there is the problem of spam (as reported here) in both cases. To solve this, a possible solution to alleviate and let the task be automated is to create a workflow (github actions) so that it will look for specific keywords in the comment and will mark (or even remove it) automatically. This workflow would be triggered every time a comment appears in the repository (issue.comment). Another solution would be to pass a github user and a PAT (Personal Access Token) in the frontend to the bot to comment anonymously using an account created by the user. This would reduce the liability issue of the official utterance bot. Another solution to reduce the chances of the bot creating messages without moderation would be like this: every time the reader wanted to comment anonymously, by checking in a checkbox or simply clicking on a "send anonymously" button, the utterance bot would create a comment as encrypted text followed by a tag, then a workflow that would be looking at new issues would trigger in the repository, which would look for the tag and decrypt the text at runtime. Then, the workflow would use a PAT of a user configured in the repository and create a comment (then enter the aforementioned spam analysis) based on the encrypted text and remove the official comment from the bot. Encrypted text would reduce the risk of the bot being reported as abuse, even if the user did not create the workflow file. To prevent a user from making multiple comments (flood), something some catpcha + IP/cokie session based timer per post would reduce the effect of this problem. I'm trying my hardest to think of something to stick to existing levels of infrastructure, trying to take advantage of the utterance service itself. Using another backend server (as here) for this would be out of scope, after all, if I have a server available, better use https://commento.io, no? |
@dingiso I found the repository of the backend code of the user you quoted. |
Is it possible to add anonymous comments functionality? My idea was to create some device in the application to add an account on github already created just to make anonymous comments.
This would also work for readers who do not have a github account. So, the frontend application would have a field for name, one for email and one for comment, so, when clicking on comment, this anonymous account would write in the body of the issue comment the name, email and respective comment.
One issue I consider is the security of the password for this anonymous account. So, I think I would solve this problem by creating a Personal Access Token with minimal permissions, like commenting on issues.
What do you think?
The text was updated successfully, but these errors were encountered: