I decided to start working on this web application to occupy my time during the Coronavirus quarantine. One of the things I'm most passionate about is music; I currently play both the piano and handpan. My love of music is another reason why I decided to create this website: to serve as a way to bring people together. My hope is that this website will be used as a way to develop common bonds between people and open new avenues of conversation in existing friendships.
What it does
Music compatibility uses your Spotify listening history over the past 6 months to compare your music taste with others. This is done by counting the number of identical top genres, artists, and songs the two compared users have in common and then doing a little bit of magic to calculate a resulting score. It's a great way for you to see what you and your friends can both enjoy when on a long car ride or just hanging out.
How I built it
I built this website using an Angular frontend and a Firebase backend. Each time a new user logs in, they grant access through the Spotify authentication flow, and then my application stores information on their listening over the past 6 months. From there, the user can easily generate a shareable link or code for their friends to use and compare with.
Challenges I ran into
One of the biggest challenges I ran into was malicious users. While the database itself was secured, when viewing a link, even unauthenticated users can read the name of the link owner. When the application blew up in popularity one weekend, reaching over 150k users, an attacker was able to DDoS my cloud database, reading the name from a link over 200 million times and costing me nearly $200. After that incident, I relocated the app from its original domain and let things quiet down. It was sad to do, but I also was able to learn a valuable lesson in security. After discussing what had happened with a few professors and colleagues, I was able to learn a lot about database security and what I can do better on the next project I work on.
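One way to bound the cost of the unauthenticated name lookup described above, as an added example that is not the app's own code: public reads go through a gateway that applies a per-client token bucket and a short-lived shared cache, so a flood on one link reaches the billed database once per cache lifetime. The class, the limits, the client keys and the sample data are all assumptions made for illustration.

```typescript
// Added example; every name below is hypothetical, not taken from the original app.
const TTL_MS = 60_000, BURST = 5, REFILL_PER_SEC = 1; // assumed limits
interface Bucket { tokens: number; last: number }
interface Cached { name: string | null; expires: number }
class PublicLinkGateway {
  cache = new Map<string, Cached>();
  buckets = new Map<string, Bucket>();
  billedReads = 0; // lookups that actually reached the billed database
  fetchOwnerName: (linkId: string) => string | null; // stands in for the database read
  now: () => number; // injectable clock, milliseconds
  constructor(fetchOwnerName: (linkId: string) => string | null, now: () => number) {
    this.fetchOwnerName = fetchOwnerName;
    this.now = now;
  }
  // Per-client token bucket: BURST requests at once, then REFILL_PER_SEC per second.
  allow(clientKey: string): boolean {
    const t = this.now();
    const b = this.buckets.get(clientKey) ?? { tokens: BURST, last: t };
    b.tokens = Math.min(BURST, b.tokens + ((t - b.last) / 1000) * REFILL_PER_SEC);
    b.last = t;
    const ok = b.tokens >= 1;
    if (ok) b.tokens -= 1;
    this.buckets.set(clientKey, b);
    return ok;
  }
  lookup(clientKey: string, linkId: string): { status: number; name: string | null } {
    if (!this.allow(clientKey)) return { status: 429, name: null };
    const t = this.now();
    const hit = this.cache.get(linkId);
    if (hit && hit.expires > t) return { status: hit.name === null ? 404 : 200, name: hit.name };
    this.billedReads += 1; // cache miss: the only path that costs money
    const name = this.fetchOwnerName(linkId);
    this.cache.set(linkId, { name, expires: t + TTL_MS }); // unknown ids are cached too
    return { status: name === null ? 404 : 200, name };
  }
}
// Constructed scenario: one client hammers a link, then 100 other clients request it.
function simulateFlood() {
  let clock = 0;
  const db: Record<string, string> = { abc123: "Sample Owner" }; // constructed data
  const gw = new PublicLinkGateway((id) => db[id] ?? null, () => clock);
  let throttled = 0;
  for (let i = 0; i < 1000; i++) if (gw.lookup("203.0.113.7", "abc123").status === 429) throttled++;
  for (let i = 0; i < 100; i++) gw.lookup("client-" + i, "abc123");
  const billedDuringFlood = gw.billedReads;
  clock += 61_000; // past the TTL, so the next lookup refreshes the cache
  gw.lookup("client-0", "abc123");
  return { throttled, billedDuringFlood, billedAfterTtl: gw.billedReads };
}
```

The shared cache is what keeps the bill flat when requests come from many addresses at once; the per-client bucket map would additionally need eviction in a long-running deployment.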
Accomplishments that I'm proud of
Reached over 150 thousand users and trended on Twitter for a few hours.
What I learned
Cybersecurity, cybersecurity, cybersecurity. Since I had never built this application with the expectation that it would become big, I never anticipated being attacked. Consequently, I wasn't adequately prepared for when my database was DDoSed. Although I wasn't storing any sensitive information, it was still a pretty intimidating experience and served as a sort of wake-up call for the future.