very simple webinterface to submit key entries into redis. can be used to process custom “codes” or even qr-codes. basically a sink / sinkhole.
user enters code -> basic validity check -> store in redis -> “result”.
- Go https://go.dev
- net/http
- chi
- go-redis
- Redis https://redis.io/
- just https://just.systems
- contains all of the backend code
- handlers
- routes
- contains the .templ templates from which the *_templ.go files are generated.
- this is basically our frontend. sufficient for now or even forever.
Just is a simple command-runner. To use it, install just and run it. You don’t need it, see ‘compilation’ section below.
just doitor equivalent:
go mod tidy
templ generate
go build ../qrsinkThen, you can point your webbrowser at http://127.0.0.1:8080/ or at http://127.0.0.1:8080/entry or at http://127.0.0.1:8080/scan/CODEHERE (replace CODEHERE with whatever code you like to store).
PLEASE TAKE NOTE - the word “codes” here is used in the sense of QR-codes, or maybe even a short sequences of letters and/or numbers! Just as the ones found under a bottle cap during promotions and tombolas… you can scan or enter them on a website, to maybe win a little something, of course, in exchange for all of your personal data… Maybe even only after first registering and also sending in the original bottle-cap to prove.
Whatever can be entered into the input box is stored into the system… Yes, we have certain ability to say “ok, this is what think a valid code looks like”… example: we can say silly things like “it must be exactly X characters long; contain these or that special character at a certain position… and similar”… But don’t fool yourself. None of this can provide any security or proof of authenticity!!! DO NOT RELY ON IT!
Nowadays, attempts to prevent fraud and counterfeit where it matters, means we no longer have fixed paper codes, but use electronic tickets instead. Such tickets re-generate a new code every 15 seconds, similar to MFA.
Just to make it REALLY clear that there is NO way to rely on these code to always be authentic - they can easily be guessed.
There are 10,000 possible 4-digit PIN codes, ranging from 0000 to 9999.
A fool would assume:
- that it’s hard to “guess” a code format or just brute-force it. It’s not. It’s super easy.
- that anything is hidden in QR codes. It’s nothing but plain text and everyone with a reader can read it (that’s WHY they work, duh…).
- that these codes/tokens themselves are important for this system /
product (whatever it will be), they are not.
- what do I mean by that: “does this code look like something that could be valid? (i.e: EAN)”… “has it been used before?”… “what does this code represent for us, internally, and how do we use it”.
- Including some sort of very clear disclaimer is super important. Like, when there is a big lottery win.. in order to claim the prize, users MUST include some form of physical proof that their code entry actually was legit, and maybe even that they purchased it. So, they have to include some form of personal verification (id/passport/…) the code, the original bottle cap (or whatever), and probably also the receipt that shows they purchased the winning bottle.
Only a fool would do things on the frontend that belong into the backend.
Check out this site, which was recently made -> https://everyuuid.com/ and this blog article… https://eieio.games/blog/writing-down-every-uuid/ … it’s a joke about “listing every UUID ever, possible”.
This should once-and-for-all illustrate what I mean above. IDs, Tokens, Codes, PINs, and everything else can always be brute forced and guessed.