[nathan fielder voice] the problem:
user submitted wordles are currently only validated on the client. as we know, you can't trust the client. worse, as i've been able to demonstrate, it is absolutely possible to send words that violate validation rules to our firestore DB. in order to stymy red hats, and their ilk, we need a way to validate wordles that cannot be accessed by client side users
we also need to validate for the less evil, but no less insidious, situation wherein a too-clever user tries to change the wordle after they've generated a link
this should be next to impossible, given our current UI, but it's worth double checking
the (potential) fix
what i believe we need is a separate server whose entire duty is to do the following:
expose an end point to our react app (e.g. POST /wordle/submit)
receive requests to said end point, and validate the word (correct length, no special characters, no tenets of national socialism)
take over the duty of sending the validated word to firebase (or rejecting the word)
return a response to the client letting it know whether or not the submission was successful
suggestions
create an HTTP server: there's a lot of ways to get a server running. my suggestion is that we create a simple Node.js app that can receive HTTP requests (this is essentially a solved problem if you use a library like Express.js)
host the HTTP server: again, many ways to host these kinds of things. my recommendation is to keep things in-house and use firebase cloud functions.
cloud functions allows us to run javascript code directly on google's servers, much like our react app runs on firebase hosting. cloud functions also let us get a webhook url, which we can bring to our react app as the endpoint that the client will hit to validate the wordle.
in our use case, if we went the Node app route, we'd create a Node app that can receive requests, and then deploy said Node app to firebase cloud functions (vs deploying to firebase hosting, as we do for the react app)
light reading
this great video that explains step by step how to get a Node app (running Express) hosted onto firebase cloud functions, and how to expose its end points for client side consumption
the firebase docs for getting/setting info on our firestore database. this is the long-and-short of how we do all our reads and writes.
the important thing to note here is that, right now, we write wordles to the db directly from the client side react app. you may as well read that as anyone with the wherewithal can send any kind of wordle to our DB, and, consequently, to other players
in my suggested Node app implementation, we would move the firestore functions to the server, far, far, away from the client
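a sketch of the server-side check and submit flow described above, as an added example (not code from this project). the 5-letter length, the blocklist entry, the reason strings, and the `saveWordle` callback standing in for the firestore write are all assumptions; in the real app `handleSubmit` would be called from the Express route for POST /wordle/submit.

```javascript
// Added example: validation that lives on the server, so the client cannot skip it.
const WORD_LENGTH = 5;                  // assumption: the page only says "correct length"
const BLOCKLIST = new Set(["xxxxx"]);   // constructed placeholder for banned words

function validateWordle(input) {
  // A JSON body can carry arrays, numbers or objects, so check the type first.
  if (typeof input !== "string") return { ok: false, reason: "not-a-string" };
  const word = input.toLowerCase();
  if (word.length !== WORD_LENGTH) return { ok: false, reason: "bad-length" };
  // Letters only: rejects digits, punctuation, whitespace and non-ASCII lookalikes.
  if (!/^[a-z]+$/.test(word)) return { ok: false, reason: "bad-characters" };
  if (BLOCKLIST.has(word)) return { ok: false, reason: "blocked-word" };
  return { ok: true, word };
}

// Core of the submit handler. `body` is the parsed request body and
// `saveWordle` (hypothetical) performs the database write and resolves to an id.
// Only the normalized, validated word ever reaches the database.
async function handleSubmit(body, saveWordle) {
  const result = validateWordle(body && body.word);
  if (!result.ok) {
    return { status: 400, body: { success: false, reason: result.reason } };
  }
  const id = await saveWordle(result.word);
  return { status: 201, body: { success: true, id } };
}

// Constructed in-memory stand-in for the database, so the example runs offline.
// It only ever creates new records; there is no update path, so a stored
// wordle cannot be changed after its id (and link) has been handed out.
function makeMemoryStore() {
  const docs = new Map();
  let next = 1;
  return {
    docs,
    save: async (word) => {
      const id = `w${next++}`;
      docs.set(id, word);
      return id;
    },
  };
}
```

for this to matter, the firestore security rules also have to stop clients from writing wordles directly, otherwise the server check can simply be bypassed.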