How Serverless + Low‑Code Power a Blind Box Lottery in Minutes

Introduction

When Serverless and low‑code technologies intersect in a single business scenario, they can dramatically reduce development cost, shorten time‑to‑market, and improve operational efficiency. This article uses a "blind‑box lottery" activity built with Serverless Devs to illustrate how the two technologies complement each other.

Architecture Overview

The solution consists of a front‑end built with a low‑code tool (hype4) and a back‑end implemented as Serverless functions. The data layer is a simple SSF (Serverless Service Function) deployed as a custom runtime on Function Compute, while the lottery logic runs on a Django service.

The deployment uses a custom runtime instead of an API Gateway, allowing decentralized access and thin front‑end services.

Front‑end Low‑code Implementation

The front‑end is created with the low‑code platform hype4. Designers export assets, add animation effects, and embed JavaScript for API calls. This approach speeds up development by 2‑3× compared with hand‑coded solutions.

Data Layer Serverless Service

The data layer is a simple Express application packaged as a Function Compute custom runtime. It forwards data, renders static content, and retrieves the user’s Alibaba Cloud account ID for prize distribution.

Backend Lottery Logic (Django)

@csrf_exempt
def prize(request):
    uid = request.POST.get("uid", None)
    if not uid:
        return JsonResponse({"Error": "Uid is required."})
    temp_url = "<获取uid的合法性和有效性，重要判断依据>?uid=" + str(uid)
    if json.loads(urllib.request.urlopen(temp_url).read().decode("utf-8"))['Response'] == '0':
        return JsonResponse({"Error": "Uid is required."})
    token = randomStr(10)
    # 获取当日奖品
    prizes = {}
    for eve_prize in PrizeModel.objects.filter(date=time.strftime("%Y-%m-%d", time.localtime())):
        prizes[eve_prize.name] = {"count": eve_prize.count, "rate": eve_prize.rate}
    # 构建抽奖池
    prize_list = []
    for evePrize, eveInfo in prizes.items():
        temp_prize_list = [evePrize, ] * int((100 * eveInfo['rate']))
        prize_list = prize_list + temp_prize_list
    none_list = [None, ] * (100 - len(prize_list))
    prize_list = prize_list + none_list
    pre_prize = random.choice(prize_list)
    # 数据入库
    try:
        UserModel.objects.create(uid=uid, token=token, pre_prize=pre_prize, result=False)
    except:
        try:
            if not UserModel.objects.get(uid=uid).result:
                return JsonResponse({"Result": "0"})
        except:
            pass
        return JsonResponse({"Error": "Everyone can only participate once."})
    if not pre_prize:
        return JsonResponse({"Result": "0"})
    user_id = UserModel.objects.get(uid=uid, token=token).id
    users_count = UserModel.objects.filter(pre_prize=pre_prize, id__lt=user_id, date=time.strftime("%Y-%m-%d", time.localtime())).count()
    if users_count >= prizes.get(pre_prize, {}).get("count", 0):
        return JsonResponse({"Result": "0"})
    UserModel.objects.filter(uid=uid, token=token).update(result=True)
    return JsonResponse({"Result": {"token": token, "prize": pre_prize}})

The service validates the UID, builds a prize pool based on configured rates, ensures each prize is not over‑issued, and records the winning result.

Security Settings

After a user wins, a random token combined with the uid is stored to prevent brute‑force enumeration of other users' information. The system also checks token uniqueness during the temporary domain issuance phase.

@csrf_exempt
def information(request):
    uid = request.GET.get("uid", None)
    token = request.GET.get("token", None)
    if None in [uid, token]:
        return JsonResponse({"Error": "Uid and token are required."})
    userInfor = UserModel.objects.filter(uid=uid, token=token)
    if userInfor.count() == 0:
        return JsonResponse({"Error": "No information found yet."})
    if not userInfor[0].result:
        return JsonResponse({"Error": "No winning information has been found yet."})
    if request.method == "GET":
        return JsonResponse({"Result": {"prize": userInfor[0].pre_prize, "name": userInfor[0].name, "phone": userInfor[0].phone, "address": userInfor[0].address}})
    elif request.method == "POST":
        name = request.POST.get("name", None)
        phone = request.POST.get("phone", None)
        address = request.POST.get("address", None)
        if None in [name, phone, address]:
            return JsonResponse({"Error": "Name, phone and address are required."})
        userInfor.update(name=name, phone=phone, address=address)
        return JsonResponse({"Result": "Saved successfully."})

Deployment Process

1. Configure Alibaba Cloud credentials. 2. Initialize the project with s init blindbox-game. 3. Modify configuration and run s deploy. 4. The function is deployed with a custom domain generated by Function Compute.

s init blindbox-game

Effect Preview

Conclusion and Future Outlook

From a developer’s perspective, seamless integration of low‑code front‑ends with Serverless back‑ends can greatly improve productivity, but tight coupling may risk vendor lock‑in. From a vendor’s view, many cloud providers already combine Serverless and low‑code offerings (e.g., AWS Lambda + Step Functions, Azure Power Apps, Alibaba Cloud Function Compute + Micro‑App platform).

Building a comprehensive Serverless + low‑code platform requires capabilities such as data modeling, API generation, long‑running services, external service integration, UI orchestration, security, CI/CD, and observability.