how voting works
Votes are spirby’s signal of demand. They are designed to be hard to inflate.
the rule
Section titled “the rule”One vote per person, per post. That holds whether a person is signed in or voting anonymously. Voting again toggles the vote off; it is a single up/down switch, not a counter.
signed-in voters
Section titled “signed-in voters”When a user is signed in, every vote is keyed to their user id. Click vote: the vote is recorded, the post counter increments, the button shows it is on. Click again: the vote is removed, the counter decrements.
A signed-in user is bound to one vote per post by a database constraint, so even a flurry of clicks during a flaky network cannot count twice.
anonymous voters
Section titled “anonymous voters”Anonymous voting is gated by a one-time email confirmation. The flow is in the next article: anonymous voting.
The dedupe key is the lowercased, hashed email (sha256(email)). Two anonymous voters with the same email count as the same person.
what counts as a vote
Section titled “what counts as a vote”The vote count on a post is the number of distinct voters. After a merge, spirby recomputes that number from the moved rows so the count cannot drift from the underlying data.
privacy
Section titled “privacy”The dedupe key on every vote is sha256(lowercase(email)), never the raw address. For anonymous voters spirby also stores the plaintext email on the vote row solely so it can deliver post-status notifications; for signed-in voters that field is null and email is read from the user record at send time. The list of voters on a post is never exposed to other voters or anonymous visitors.