Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/saif-gitreps/url-shortener-backend
A Node.js application where users can create ShortIds for long URLs without authentication. Authenticated users can keep track of their URLs, create custom ShortIds, delete them, and monitor URL analytics.
https://github.com/saif-gitreps/url-shortener-backend
bcryptjs csrf-protection express-js helmet jwt-authentication middelware mongodb nodejs postman
Last synced: about 1 month ago
JSON representation
A Node.js application where users can create ShortIds for long URLs without authentication. Authenticated users can keep track of their URLs, create custom ShortIds, delete them, and monitor URL analytics.
- Host: GitHub
- URL: https://github.com/saif-gitreps/url-shortener-backend
- Owner: saif-gitreps
- Created: 2024-03-12T12:25:52.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2024-10-12T13:00:48.000Z (3 months ago)
- Last Synced: 2024-11-05T09:47:45.765Z (3 months ago)
- Topics: bcryptjs, csrf-protection, express-js, helmet, jwt-authentication, middelware, mongodb, nodejs, postman
- Language: JavaScript
- Homepage:
- Size: 3.49 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# API Server for a URL Shortener Application
A Node.js application where users can create ShortIds for long URLs without authentication. Authenticated users can keep track of their URLs, create custom ShortIds, delete them, and monitor URL analytics.
## Features
**API Endpoints**
- **URL:**
- Create (Custom and Random), delete, and get analytics.
- **Auth:**
- Sign up, log in, refresh access token, get CSRF token, get current user, log out, and update user details.
🔐 **Authentication and Security**
- Stateless JWT authentication with refresh and access tokens using secure HTTP-only cookies.
- CSRF protection with the **Double-submit cookie** pattern.
- Role-based authorization.
💻 **Tech Stack and Features**
- Password encryption before storing in the database, with decryption for verification.
- Using the MVC pattern and separating authentication for microservice-like separation of concerns.
- **Rate limiters** for authentication routes based on different roles.
- Route protection from unauthenticated requests.
- **CSRF protection** for all POST requests.
- User input, URL, and ShortId validation using **express-validator** and custom sanitization.
- Custom logger for monitoring requests in the development terminal.
- Schema built with **Mongoose**, along with **aggregation pipeline** queries.
- Users can monitor analytics for each click in detail for every ShortId.
🎁 **Additional Features**
- 🔄 Highly customizable and extendable, with more features planned for future updates.