Mr Lather Man
THE SOAPSTACK

A community platform for soap.

Mr Lather Man is a small SaaS-style platform that happens to be about washing. Built from scratch, no website builder, no off-the-shelf community kit. Here's what's under the lid.

1 LARAVEL APP · 1 POSTGRES DB · 11 LAB CHARTS · 0 CHART LIBRARIES

THE STACK
RUNTIME

PHP 8.4, Laravel 13, Postgres 17, nginx, php-fpm. No CDN, no third-party hosting beyond mail and payments.

FRONT END

Server-rendered Blade, hand-styled CSS. A strict content security policy forbids inline JavaScript, so every interaction is a small external module.

SQUAD LOGIN

Magic-link only. Members ask for a link by email; one click into a 30-minute dashboard session. No passwords stored anywhere.

DAILY PROMPT

A scheduled job emails the man and every squad member each morning to ask what they washed with. Replies populate the lather year and the soapbase.

MAIL

Microsoft Graph for outbound. Daily prompts, magic links, donation receipts, squad applications, recipient confirmations: all go through one transport.

DONATIONS

Stripe Elements on-site for soap-money donations. Webhook idempotency is recorded in the database before a 200 goes back, so a retried event cannot double-credit.

THE LAB

Every chart on /soaps/lab is hand-written SVG. No d3, no Plotly, no Chart.js. A tiny pub-sub store keeps charts in sync; persistent DOM means hover and brush gestures stay smooth.

The constellation chart runs principal component analysis on the score vector and ships the positions to the browser already computed.

THE HARD BITS
  • The lather year. A 365-day GitHub-style heatmap of every day the man washed. Backed by a single table; the rendering pads the start so the rows line up Sunday at the top, Saturday at the bottom.
  • One-shot daily form. Each day's prompt is bound to one soap and one date by a single-use token, so a stale or tampered submission cannot retarget a different bar.
  • An audit chain. Squad applications, magic-link issues, donations: every state change is appended to an HMAC-chained log written by a dedicated Postgres role with insert-only grants.
  • A redaction processor attached to every log channel so accidentally logging a secret cannot leak it to disk.
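
How an HMAC-chained log of the kind described in the audit-chain item detects edits and deletions, as an added PHP example (not the site's own code). The key, field names, event names and in-memory array are assumptions standing in for the real table.

```php
<?php
declare(strict_types=1);

// Added illustration: every name and value below is constructed for the demo.
const GENESIS = 'genesis'; // fixed "previous MAC" for the first entry

/** MAC over the previous entry's MAC plus this entry's canonical payload. */
function chain_mac(string $key, string $prevMac, int $seq, string $event, array $data): string
{
    ksort($data); // stable key order (flat payloads only) so serialisation is repeatable
    $payload = json_encode([$seq, $event, $data], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
    return hash_hmac('sha256', $prevMac . "\n" . $payload, $key);
}

/** Append-only: returns the log with one more entry linked to the current tail. */
function append_entry(array $log, string $key, string $event, array $data): array
{
    $prev = $log === [] ? GENESIS : $log[array_key_last($log)]['mac'];
    $seq = count($log) + 1;
    $log[] = ['seq' => $seq, 'event' => $event, 'data' => $data,
              'mac' => chain_mac($key, $prev, $seq, $event, $data)];
    return $log;
}

/** Returns null when the chain verifies, else the position of the first bad entry. */
function first_broken_entry(array $log, string $key): ?int
{
    $prev = GENESIS;
    foreach (array_values($log) as $i => $e) {
        $expected = chain_mac($key, $prev, $i + 1, $e['event'], $e['data']);
        if ($e['seq'] !== $i + 1 || !hash_equals($expected, $e['mac'])) {
            return $i + 1; // edited, reordered, or preceded by a deleted row
        }
        $prev = $e['mac'];
    }
    return null;
}

$key = 'constructed-demo-key'; // in practice held outside the database
$log = append_entry([], $key, 'magic_link.issued', ['member' => 7]);
$log = append_entry($log, $key, 'donation.recorded', ['member' => 7, 'pence' => 500]);
$log = append_entry($log, $key, 'squad.application', ['member' => 9]);

var_dump(first_broken_entry($log, $key));      // untouched chain
$edited = $log;
$edited[1]['data']['pence'] = 5;               // amount in entry 2 changed after the fact
var_dump(first_broken_entry($edited, $key));
$dropped = [$log[0], $log[2]];                 // entry 2 removed from the middle
var_dump(first_broken_entry($dropped, $key));
```

Removing entries from the end still leaves a shorter chain that verifies, so a verifier also needs the latest MAC or entry count recorded somewhere the log writer cannot change.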

Built quietly, on weekends, around the man and a lot of soap.
