top | item 38887252

Show HN: Hashmap.me – Simple HTTP-Based Data Storage and Retrieval

37 points| MrRowTheBoat | 2 years ago |hashmap.me | reply

I'm excited to share Hashmap.me, a small tool I've built to simplify data storage and retrieval. It's a straightforward service that allows developers to store data records via HTTP requests and retrieve them easily, all without the hassle of setting up and managing a database. Initially I built this because I was tired of creating a database to prototype my own projects, I just wanted to persist my in memory cache between restarts early on.

Each hashmap you create corresponds to its own collection in MongoDB.

Perfect for small projects, quick prototypes, or learning purposes. I'd love to get your feedback and hear your thoughts!

Check it out here: https://hashmap.me

Thanks for taking a look!

37 comments

[+] MrRowTheBoat|2 years ago|reply

Annnnnnnnd someone just infinitely created a bunch of empty hashmaps and maxed out my collections. :)

Thanks HN <3

[+] MrRowTheBoat|2 years ago|reply

Deleted 255 collections. Investigating throttling of some sort...

[+] unknown|2 years ago|reply

[deleted]

[+] politician|2 years ago|reply

Security people: What are the odds this becomes part of the command and control chain for a botnet in the next 30 days?

[+] Retr0id|2 years ago|reply

Botnet maybe not, but as a place to store phished creds etc., quite likely.

Services like requestbin have had a lot of trouble with this sort of thing, historically https://web.archive.org/web/20190711192140/https://github.co...

> We have discontinued the publicly hosted version of RequestBin due to ongoing abuse that made it very difficult to keep the site up reliably. Please see instructions below for setting up your own self-hosted instance.

(note, that message is old, requestbin did live on despite it, iiuc)

[+] mlhpdx|2 years ago|reply

So rate limiting on GET, then, too? How would you prevent abuse while keeping it simple?

[+] MrRowTheBoat|2 years ago|reply

O0f. I could try putting up a no robots sign, maybe that will stop them

[+] RockRobotRock|2 years ago|reply

So what? I could C2 a botnet right now with base64'ed hacker news comments. You don't need a captcha to register an account.

[+] mlhpdx|2 years ago|reply

I really like the simplicity of this and the approachability for students. If I were still teaching CS I’d be using it as part of the curriculum.

Do you support conditional GET AND PUT (i.e. eTags)?

[+] MrRowTheBoat|2 years ago|reply

Hey! Thanks for checking me out.

I do not currently support anything like that, however I think you bring up a very good point, and it could be very beneficial. One could however add their own lastModified variable as a part of the json blob they push up and implement the support themselves. From your teaching perspective of course, that may not be a great experience for the students.

[+] pdanpdan|2 years ago|reply

Wouldn't it be more semantically meaningful if you would use "...api/store/<hash>" with GET and PUT? That way you would also get better caching.

[+] MrRowTheBoat|2 years ago|reply

I like your idea of switching the endpoint specifically for caching, would be a great improvement for the service. This does run on Next.js which offers some sort of caching out of the box. When it becomes a problem, it will definitely be necessary. Thanks for the suggestion!

[+] WhitneyLand|2 years ago|reply

I think it’s pretty cool. It’s got that HomeDepot tool aisle vibe of being appealing even if I don’t have an immediate use for it.

For a second I thought it would be nice to not auto append a UUID to the hash, but I can imagine it’s simpler not having to check for or manage collisions.

[+] MrRowTheBoat|2 years ago|reply

Agreed, I think a fuller version could require authentication and then you'd be able to have whatever name you want maybe?

[+] tony-allan|2 years ago|reply

I would love some feedback on the imagative ways the service has been abused since you created it.

[+] MrRowTheBoat|2 years ago|reply

So far the worst thing is that someone is trying to actively stop my service from being functional? Idk, I guess it's more fun than other things?

Anyways they mass created hashmaps using UUIDs. Someone lower in the comments made a great point on this, unfortunately this is why people have to crack down on things and require accounts and stuff like that before you can use a service.

:) Service is up and running, but we'll see for how long.

[+] MrRowTheBoat|2 years ago|reply

Hmmm, it looks like the post is flagged. I had to look up what that meant. I'm guessing I may be breaking the rule of including the website name in the title of the post. :(

[+] hlesesne|2 years ago|reply

Couldn’t this just as easily be a front end to an object store like s3 - without the need for mongodb?

[+] MrRowTheBoat|2 years ago|reply

Yes! This could be done in many different ways with different technologies.

[+] chaz6|2 years ago|reply

How can I retrieve a single key? As far as I can see, the only read api available returns all keys.

[+] MrRowTheBoat|2 years ago|reply

Hey chaz! Currently not an option, and as I write that out, you're right that it should be an option.

Even if it was something like "/api/read?key=getOnlyThisKey" which returns your value or perhaps a 404 or maybe a 204, implying your response was succesful, but there was no key with the specified requested key.