caguiclajmg / platelet-clicker

That tickles
https://platelets.fun

[Suggestion] Add click counter #1

Open viliml opened 5 years ago

viliml commented 5 years ago

Like http://nyanpass.com/

DCNick3 commented 5 years ago

But a click counter like this will break the idea of a static site, won't it?

trung674 commented 5 years ago

We can just read/write the counter to a txt/json file. A simpler way is to make this server side.

DCNick3 commented 5 years ago

But GitHub Pages provides only static page hosting. There's no way to edit some files there.

caguiclajmg commented 5 years ago

A global counter would probably be doable via Ajax and an external server, whilst still being a static site.

trung674 commented 5 years ago

> But GitHub Pages provides only static page hosting. There's no way to edit some files there.

You are right. My brain was not working yesterday 😋

> A global counter would probably be doable via Ajax and an external server, whilst still being a static site.

How about using a headless CMS like Contentful to pull/update the counter?

caguiclajmg commented 5 years ago

> How about using a headless CMS like Contentful to pull/update the counter?

Whatever platform/service it's going to be implemented on is probably irrelevant in this context (I reckon the discussion is about platelet-clicker and not platelets.fun).

How it will be implemented is the question here, perhaps decide on endpoint names so whoever wants to run their own instance can just swap out a variable and point it to their own "counter" server.

DCNick3 commented 5 years ago

And the other question is WHEN we should send updates about the count. Another question is security: the user might cheat and manipulate the counter: increase its value too fast or decrease it.

What comes to mind:

This will require not only a simple JSON file, but also a database to save information about tokens, like the time of the last delta submit. But this will not allow the user to manipulate the counter easily.

Another attack vector is getting many tokens at a time and "clicking" them at the same time. Don't know how to disallow this.

caguiclajmg commented 5 years ago

Server should check if delta is not too big for specified amount of time. Also it should check if delta is positive

One way to go about this is the server should only accept the submission if the time since last submission is >= time_threshold (say 30 seconds) and only cap the delta_clicks value to some amount for every submission.

With this, the problem of "how often" becomes irrelevant since the server won't be accepting submissions that are sooner than the allowed frequency. This just becomes an issue of not hammering the server with too many requests.

About the exploit about getting many tokens and "clicking" on them all at once, there's no clear-cut way of preventing this and I think it can be let off considering this is supposed to be a simple web app. Sure, someone can write a script that requests an obscene amount of tokens, but since rate-limiting is in place some of the effects are mitigated (they're essentially capped to number_of_tokens * clicks_delta_max every 30 seconds).
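The checks discussed in the comments above (known token, positive delta, a minimum interval per token, a capped delta), as an added example that is not part of the original thread and is not the platelet-counter code. The function names, the token format and the limits are assumptions; `farmTokens` runs a constructed scenario showing the `number_of_tokens * clicks_delta_max` bound.

```javascript
// Added example: in-memory sketch of the counter server's submission checks.
// All names and limits are assumptions, not the platelet-counter API.
const { randomBytes } = require('node:crypto');

function createCounter({ timeThresholdMs = 30_000, clicksDeltaMax = 300 } = {}) {
  const tokens = new Map(); // token -> time of last accepted submission (ms)
  let total = 0;

  return {
    windowMs: timeThresholdMs,
    // Issue an unguessable token. The window starts at issue time, so a
    // freshly requested token cannot submit straight away (assumption).
    issueToken(now = Date.now()) {
      const token = randomBytes(16).toString('hex');
      tokens.set(token, now);
      return token;
    },
    // Validate one delta submission; returns { ok, total, accepted | reason }.
    submit(token, delta, now = Date.now()) {
      if (!tokens.has(token)) return { ok: false, reason: 'unknown_token', total };
      // Rejects decrements, zero, fractions, NaN and strings in one check.
      if (!Number.isSafeInteger(delta) || delta <= 0) {
        return { ok: false, reason: 'bad_delta', total };
      }
      if (now - tokens.get(token) < timeThresholdMs) {
        return { ok: false, reason: 'too_soon', total };
      }
      const accepted = Math.min(delta, clicksDeltaMax); // cap instead of rejecting
      tokens.set(token, now);
      total += accepted;
      return { ok: true, accepted, total };
    },
    total: () => total,
  };
}

// Constructed scenario: a script holds `n` tokens and maxes out each one.
function farmTokens(counter, n, delta, t0) {
  const farmed = Array.from({ length: n }, () => counter.issueToken(t0));
  const t1 = t0 + counter.windowMs;
  for (const t of farmed) counter.submit(t, delta, t1);        // capped
  for (const t of farmed) counter.submit(t, delta, t1 + 1000); // too_soon
  return counter.total(); // n * clicksDeltaMax for the window
}
```

The state lives in a `Map` here only to keep the example self-contained; a real instance would persist the per-token timestamps, as the thread notes.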

DCNick3 commented 5 years ago

In terms of programming language: the easiest choice is PHP. A LOT of servers and hostings (including free of charge ones) support it. But it will be very problematic to code with it...

trung674 commented 5 years ago

Since it is a simple web app, why don't we make the whole thing server side and rent a $5 VPS on DigitalOcean?

DCNick3 commented 5 years ago

The idea is not to have only the platelets.fun service, but a platelet-clicker project that can be set up easily by anyone interested. That's why I offer PHP. Of course it can be anything like Python, JS, or Go. But the idea is to keep it simple to maintain, isn't it?

caguiclajmg commented 5 years ago

A reference implementation in Node.js can now be found over at platelet-counter. Next step would be integrating the API into platelet-clicker.