DEV Community

Firew Shafi
Firew Shafi

Posted on

Do You Have a Dollar?

#jokes #socialmedia #discuss

I want to tell you about the dumbest thing I built this month that somehow became one of the projects I'm most proud of.

It started as a joke — literally. I was messing around on a weekend, not trying to build anything serious, and I thought: what if there was a platform where an AI panhandler robot begged you for change in exchange for letting you post a joke on the internet? A dollar minimum. Public leaderboard. The robot is broke. You are the solution.

I called it Do You Have a Dollar? — allegedly the world's first JaaS platform (Jokes as a Service). Allegedly, because I genuinely don't know if someone built this before me and I refuse to google it.

The part where the universe started rewarding me for doing the boring stuff right
Here's what I didn't expect: taking the "joke project" seriously actually paid off.

I decided early on that even though this was silly, I was going to build it like it was real. That meant:

No API keys in the frontend. Not even once.
CORS locked down to an allowlist, not a wildcard *
OTP login with rate limiting (3 sends per email per 15 minutes)
Secrets managed through Cloudflare Worker secrets, never in code
JWT signed with a strong random key
That last one bit me by the way. I had a fallback 'demo-secret-change-me' in the code and almost shipped with it. The universe was watching.

Then something unexpected happened: it all just worked. Not in a "it compiled" way. In a "someone actually tried to use it and it held up" way. The payment flow worked first try in production. The OTP emails delivered. No keys leaked in the network tab.

I think there's something to be said for doing the unsexy security work on a project you don't take seriously. You're not stressed. You're not rushing to ship a feature. You just... do it right because why not.

What I actually built
The stack is embarrassingly simple:

Frontend: Vanilla JS. No framework. Just vibes and

fetch()
.
Backend: Cloudflare Workers + D1 (SQLite at the edge)
Payments: Stripe + PayPal (yes, both — because why pick one when you're already here)
Email: Resend with a branded dark-mode HTML template for the OTP
Auth: Magic link / OTP flow — no passwords
The "AI panhandler" is just a robot emoji and some well-placed copy. But the framing does something interesting — it makes the whole experience feel like a bit rather than a transaction. People seem more willing to give money when the thing asking for it is openly ridiculous about it.

The unexpected things
A few things happened that I didn't anticipate:

  1. Stripe Link autofilled my own card on my own site. I panicked for a second thinking I'd leaked something. Turns out Stripe's "Link" feature saves payment methods across merchants. My card showed up because I'm a Stripe user. It's a feature. A good one, actually — it boosts conversion.

  2. Securing a joke website is not itself a joke. I spent more time on the security audit than on the actual product logic. And I don't regret it. Finding out that my CORS was set to * the whole time was a good reminder that "it's just a side project" is how you become a case study.

  3. The robot has more personality than most SaaS landing pages. Turns out giving your app a character — even a broke, desperate robot — makes people engage with it differently. The tone is the feature.

Where it is now
It's live at doyouhaveadollar.com. I have no idea if anyone will pay a dollar to post a joke on the internet. But it works, it's secure, and the robot is standing by.

If you've got a dollar and a terrible joke, you know what to do.

Have you ever built something dumb and accidentally learned something real from it? I'd love to hear it in the comments.

Top comments (0)