(no title)

Thanks for actually reading and providing genuine technical feedback! I'm new to writing about my work so I appreciate you sticking through the meandering. Also didn't expect this to get posted here by a cross-post bot.

Definitely agree with your point about redis. This was explicitly a learning exercise for me to learn redis. For other hobby projects I'll keep using in-memory structures to keep things simple. For more serious projects I'll stick to postgres. One thing I did appreciate about redis though was the sorted set functionality which made it trivial to implement the top 10 page. As far as I know most SQL databases don't have an equivalent structure?

The Uuid from the request-id header was actually used internally to associate a submitted number with a pending request, so it served a double purpose along with monitoring. I probably should have realized that the header could be overridden to a non-Uuid. Using the unwrap() there surfaced the issue pretty quickly and it was a straightforward fix once it came up, but returning an 500 would have been surfaced just as easily and not caused the server to crash. I've now learned my lesson about keeping unwrap() far away from any server code when I'm writing other web applications in rust.

The lack of any sort of input validation was mostly intentional as I only expected friends to play with it and wanted to see what they would do with the ability to submit arbitrary-length strings. Once it got a bit of attention and more people started trying to break things is when it became a problem.

Mostly I just wanted to share the silly ways people managed to mess with the site once it got a modest audience between just people I knew personally, but hopefully other people can learn from my mistakes like I did!