Looks like this is fully anonymous and that your auth doesn’t apply on this page (when I visit it with an active session, it doesn’t show as such). I think if you require people to be logged in you’ll already decrease malicious traffic by a lot. Love the idea btw!
Thanks for the feedback. You're right, I need to tie up some loose ends with the auth. Show HN asked that I don't implement restrictions on users trying out the app, and not requiring auth is a good traffic booster. Already implemented a firewall and actively blocking 2M requests.
