freyja-lynx.dev / geocache-world
geocaches for the atmosphere
fork atom

README rewrite

The readme is not really representative of my current direction with the project. This should fix that.

authored by freyja-lynx.dev and committed by tangled.org 5ba0b961 5f28fb9e

options
unified split
Changed files
+34 -11
README.md
+34 -11
README.md
··· 1 1 # geocache.world 2 - ## Social geocaching, owned by you 2 + ### let's go outside together 3 + 4 + ### roadmap 5 + 1. Finish up fleshing out the baseline lexicon 6 + 2. Fix this repo and/or move to a new one as I'm ditching the original Rust + HTMX plan 7 + 3. Build a frontend in Gleam that leverages Quickslice for rapid prototyping 8 + 4. Build the attestation/token tooling 9 + 10 + ### tl;dr manifesto 11 + Going outside is fun. Geocaches are a fun reason to go outside. Wouldn't it be cool if your cache's guestbook was both physical and digital? 12 + 13 + geocache.world should be fun. You should own the online representation of your geocache. geocache.world should not lock you in -- you should be able to run the frontend, clone 14 + the backend, and run it all on your own while having the same features as anyone who's using the "official" website. 15 + 16 + ### token attestation? 17 + The basic format I'm creating right now is: 18 + - Create a public/private keypair for your geocache 19 + - Associate the geocache with it's public key 20 + - Use the private key to create signed "tokens" that are stored with the geocache (or other ways) 21 + - Visitors take a "token" and include it with their online visit record 22 + - Decrypt the token, that visit actually happened. 23 + 24 + The token format is not well defined yet, but will basically just be something like a JSON string that at minimum contains a UUID representing the token. I'm thinking of 25 + making a custom UUID format which is deterministic on the location of the geocache + provide some ordering to tokens so that: 26 + - The geocache can publish a range of tokens that are currently available 27 + - The owner can disown/reject tokens if they ever choose to by publishing disallow ranges 3 28 4 - this project is a work in progress. currently, nothing is solid! 29 + You can encode literally anything else you want. A message for everyone? Parts of a story? A link to your portfolio? It's your geocache. Do whatever you want (as long as it fits 30 + on a QR code, which is the intended token format _now_). 5 31 6 - ### Things to do 7 - 1. flesh out an experimental lexicon `world.geocache.experimental.*` 8 - 2. build out the backend so a user can log in w/ OAuth 9 - 3. build out a way to create geocaches 10 - 4. build out a way to find geocaches 11 - 5. ...? 32 + What about bad actors? Well, for one: if you're being a bad actor over something this silly, you're silly. For two: that's where the cryptography comes in. 33 + Signing each token with the private key won't keep the token data secure (you can just create the token data), but the token means nothing on its own. The meaning 34 + comes from the decryption using the cache's public key. Is it entirely fool proof? Probably not, I'm not a cryptographer. But it should provide just enough "safety" through scarcity. 35 + Hopefully. 36 + 37 + There's a lot of open questions. I'm building haphazard. We'll see where it goes. 12 38 13 - ### the stack, so far 14 - - rust w/ axum 15 - - htmx (probably add alpine.js when the time comes) 16 39 17 40 ### want to help? 18 41 reach out to [@freyja-lynx.dev!](https://bsky.app/profile/freyja-lynx.dev)