DO-SAY-GO/fully-hosted

Front and back-end on GitHub

A full-stack web app (database back end and non-static front end) hosted entirely on GitHub Pages / Actions.

What?!? Does this really host a full-stack SQLite app on GitHub Pages/Actions only?!?!

  • The Guestbook

Security FAQ

ROT13 for the GitHub Personal Access Token, are you serious?!?!?

Yes. Obviously it's not ideal, but it's the only way I could think to do it. The token lets us trigger the workflow. When we trigger it we can pass data to it. That data is then sanitized and written into the database. That creates our whole "serverless backend." The token is scoped to this repo only, and to actions of this repo only.

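The ROT13 is necessary to prevent GitHub auto-detecting an "exposed" token and immediately expiring it. ROT13 only hides the token from that scanner; it is not encryption, so the token's narrow scope is the actual limit on what it can do.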

What about sanitizing the user input?

That is done by using single quotes in the SQL insert statement to cause the values to be escaped, and using the "sanitize-html" library.
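
The SQL side of that answer, as an added example (not this repo's workflow code, which the page does not show): it compares wrapping values in single quotes, wrapping them with embedded quotes doubled, and bound parameters. The `guestbook` table, its columns, the function names and the sample submissions are all constructed for illustration; HTML sanitizing with "sanitize-html" is a separate step and is not covered.

```python
import sqlite3

# Constructed sample submissions (not taken from the project).
SAMPLES = [
    ("Ada", "hello"),
    ("O'Brien", "nice page"),              # ordinary apostrophe
    ("guest", "hi'), ('forged', 'entry"),  # closes the string literal early
]

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE guestbook (name TEXT, message TEXT)")
    return db

def quote_only(value):
    # Weak: wraps the value in single quotes, leaves embedded quotes alone.
    return "'" + value + "'"

def quote_escaped(value):
    # SQL string literal: an embedded single quote is written as two.
    return "'" + value.replace("'", "''") + "'"

def insert_literal(db, name, message, quote):
    # Builds the statement as text; safety depends entirely on `quote`.
    db.execute("INSERT INTO guestbook (name, message) "
               f"VALUES ({quote(name)}, {quote(message)})")

def insert_bound(db, name, message):
    # Preferred: values travel as bound parameters, never as SQL text.
    db.execute("INSERT INTO guestbook (name, message) VALUES (?, ?)",
               (name, message))

def load(samples, insert):
    """Insert every sample; return (stored rows, names whose insert raised)."""
    db, failed = new_db(), []
    for name, message in samples:
        try:
            insert(db, name, message)
        except sqlite3.Error:
            failed.append(name)
    query = "SELECT name, message FROM guestbook ORDER BY rowid"
    return db.execute(query).fetchall(), failed

if __name__ == "__main__":
    for label, fn in [
        ("quote only", lambda d, n, m: insert_literal(d, n, m, quote_only)),
        ("quote + doubling", lambda d, n, m: insert_literal(d, n, m, quote_escaped)),
        ("bound parameters", insert_bound),
    ]:
        print(label, load(SAMPLES, fn))
```

With quoting alone, the apostrophe in one sample makes the statement fail and another sample ends up stored as two rows; with doubling or bound parameters all three submissions are stored exactly as typed.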