staticman
Authorising single user to push commits using access token
I'm not sure if this is already possible or not.
The current entries endpoint might be susceptible to abuse as anyone can make the request to https://api.staticman.net/v2/entry/{GITHUB USERNAME}/{GITHUB REPOSITORY}/{BRANCH}/
Is there a way to authorise the request, maybe with an access token? So that only the requests with valid tokens make a PR?
Something like https://api.staticman.net/v2/entry/{GITHUB USERNAME}/{GITHUB REPOSITORY}/{BRANCH}/ with token=xxyyzz as POST data.
This way we can safely get rid of the moderation as well
An encrypted Token field can be added to config and user can make the request with the original token. The token from request can then be compared with the decrypted token from config to authorise the request.
The current entries endpoint might be susceptible to abuse as anyone can make the request to https://api.staticman.net/v2/entry/{GITHUB USERNAME}/{GITHUB REPOSITORY}/{BRANCH}/.
For real examples of this, one may refer to #298.
Is there a way to authorise the request, maybe with an access token? So that only the requests with valid tokens make a PR?
This is already implemented in #219, and further enhanced in #231. You may test @staticmanlab, a public instance for GitLab, which has implemented the latter unmerged PR.
N.B. My instance doesn't have Akismet and Mailgun since the main goal for setting it up is to test its GitLab support, so I chose not to expose myself to their pricing plans.