I had drawing block all day today man :c So I played with web dev a little today, set up a Postgres database in Docket for testing. Next I want to do integration tests so that I can automate testing and expected behavior.
One thing I thought about was how to deal with malicious users whether they are spamming, posting bad links, or bad images. Unfortunately I figured an account based system is the modern and best in terms of UX of approaching this. An account is just a username and password, no PII tying you. It makes writing guards easie only needing to check them in one place. If I opted to allowing anyone who just visited to post, the system would be more complex. The sign-up form would just have a captcha, country ban, asn ban, ip ban checks. And users who sign-up via VPN/Tor/Proxy can't post images unless they submit a ticket to staff via internal system. I think this is fair, people who use privacy tools for privacy are willing to wait ~1 hour for approval.