Feature: Anonymous Mod Rating System (No Login Required)

[AgentKush]

Re-opening the idea from #6 — but without user login

The original suggestion was closed because it required user authentication. This implementation uses browser fingerprinting + rate limiting instead, so users can rate mods without creating an account.

How it works

• Each mod gets a thumbs-up button with a vote count
• When a user clicks it, a lightweight fingerprint is generated from their browser (screen size, timezone, user agent, language, platform) and hashed
• The hash is sent to the server and checked against a mod_votes Firestore collection
• If that fingerprint already voted for this mod, the vote is rejected
• If it's new, the vote count increments and the fingerprint hash is stored
• localStorage also tracks votes client-side so the button stays filled in across page loads

Why fingerprinting instead of login

• No accounts, no passwords, no OAuth — zero friction for users
• Good enough anti-spam for a community this size
• Clearing localStorage alone won't let someone double-vote because the fingerprint is checked server-side
• Not bulletproof against determined manipulation, but realistic for a modding community

Implementation

• New Vote model with Firestore reads/writes
• New VotesController with a single POST action + rate limiting
• New votes_controller.js Stimulus controller for the UI + fingerprint generation
• Upvote button added to the mod detail page (show.html.erb)
• Vote counts optionally shown on the mods index table

Files changed

• config/routes.rb — POST route for votes
• app/models/vote.rb — Firestore vote storage and dedup
• app/controllers/votes_controller.rb — vote endpoint with fingerprint validation
• app/javascript/controllers/votes_controller.js — client-side fingerprint + button logic
• app/views/mods/show.html.erb — upvote button UI