From 5f17f071394cec6156a77ee532967e2e51f7ea39 Mon Sep 17 00:00:00 2001
From: Alkaid <GeorgeYuan233@gmail.com>
Date: Fri, 7 Jul 2023 18:06:50 +0800
Subject: [PATCH] fix(security): Resolve accidental GitHub Personal Token leak

Fixes the issue where the GitHub Personal Token was accidentally leaked in the previous commit. This commit implements the necessary measures to ensure the token is properly protected and not exposed.

The accidental token leak posed a security risk, potentially allowing unauthorized access to sensitive information. By addressing this issue promptly, we have mitigated the risk and strengthened the security of our project.

This fix ensures that the GitHub Personal Token is securely stored and accessed only when required, preventing any further accidental exposure. We apologize for any inconvenience caused and appreciate your understanding.
---
 annotation-setting.yaml    |  5 ++++-
 templates/page_github.html | 24 ++++++++++++------------
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/annotation-setting.yaml b/annotation-setting.yaml
index 7220fea..02ac6c4 100644
--- a/annotation-setting.yaml
+++ b/annotation-setting.yaml
@@ -132,6 +132,9 @@ spec:
     kind: SinglePage
   formSchema:
     - $formkit: "text"
-      name: "username"
+      name: "github_username"
       label: "Github用户名"
+    - $formkit: "text"
+      name: "github_token"
+      label: "Github Token"
   
\ No newline at end of file
diff --git a/templates/page_github.html b/templates/page_github.html
index f01e4da..e233031 100644
--- a/templates/page_github.html
+++ b/templates/page_github.html
@@ -2,7 +2,7 @@
  * @Author: Alkaid(AlkaidMegrez@outlook.com)
  * @Date: 2023-07-06 16:57:34
  * @LastEditors: Alkaid(AlkaidMegrez@outlook.com)
- * @LastEditTime: 2023-07-07 13:17:34
+ * @LastEditTime: 2023-07-07 18:02:23
  * @FilePath: /theme-crux/templates/page_github.html
  * @Description: 
  * 
@@ -11,7 +11,7 @@
 <!DOCTYPE html>
 <html xmlns:th="https://www.thymeleaf.org" th:replace="modules/layout :: html(content = ~{::content})">
 <th:block th:fragment="content">
-    <div  x-data="github" class="w-full grid grid-cols-8 gap-2 py-6" id="app" x-show="loading">
+    <div x-data="github" class="w-full grid grid-cols-8 gap-2 py-6" id="app" x-show="loading">
         <div class="col-span-10 space-y-2 animate-pulse">
             <div class="flex items-center gap-4 animate-pulse">
                 <div class="h-16 w-16 rounded-lg bg-gray-200" id="avatar"></div>
@@ -22,7 +22,7 @@
             </div>
         </div>
         <div class="col-span-10 border"></div>
-        
+
         <div class="col-span-10 grid grid-cols-3 gap-4 animate-pulse">
             <div class="col-span-3 md:col-span-1 bg-gray-200 rounded-lg h-36 p-4 relative">
                 <div class="absolute top-4 left-4 font-mono text-lg text-gray-800"></div>
@@ -38,14 +38,14 @@
             </div>
         </div>
     </div>
-    <div  x-data="github" class="w-full grid grid-cols-8 gap-4 py-6" id="app" x-show="!loading">
+    <div x-data="github" class="w-full grid grid-cols-8 gap-4 py-6" id="app" x-show="!loading">
         <div class="col-span-10 space-y-2">
             <div class="flex items-center gap-2">
-                <img class="h-16 w-16 rounded-lg " id="avatar"
-                    :src="userinfo.avatar_url" />
+                <img class="h-16 w-16 rounded-lg " id="avatar" :src="userinfo.avatar_url" />
                 <div class="space-y-1">
                     <div class="font-bold text-3xl font-mono" x-text="userinfo.name"></div>
-                    <div class="font-bold text-lg font-mono text-gray-500" th:text="${#annotations.get(singlePage, 'username')}"></div>
+                    <div class="font-bold text-lg font-mono text-gray-500"
+                        th:text="${#annotations.get(singlePage, 'username')}"></div>
                 </div>
             </div>
         </div>
@@ -105,20 +105,20 @@
             userinfo: {},
             repos: {},
             init() {
-                axios.get('https://api.github.com/users/' + [[${ #annotations.get(singlePage, 'username') }]], {
+                axios.get('https://api.github.com/users/' + [[${ #annotations.get(singlePage, 'github_username') }]], {
                     headers: {
-                        Authorization: 'token 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'
+                        Authorization: 'token ' + [[${ #annotations.get(singlePage, 'github_token') }]]
                     }
                 }).then((response) => {
                     this.userinfo = response.data
                     axios.get(this.userinfo.repos_url, {
                         headers: {
-                            Authorization: 'token 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'
+                            Authorization: 'token ' + [[${ #annotations.get(singlePage, 'github_token') }]]
                         }
                     }).then((response) => {
                         this.repos = response.data
-                        this.loading =false
-                        
+                        this.loading = false
+
                     }).catch((error) => {
                     })
                 }).catch((error) => {