miniURL
- a TinyApp
Project
miniurl
is a full stack web application, built with Node
and Express
, that allows users to shorten long URLs (similar to bit.ly). This project was built as a proof of concept for for learning purposes.
BEWARE: This application does not store Users and URL databases to hard disk or external databases. Once the application is restarted all changes are lost, thus changes to lookupURL.js and lookupUser.js are needed to store these values.
Install it:
npm install @rahmatsaeedi/miniurl
Run it:
node express_server
The application uses unsigned cookies, with 32 alphanumeral-characters (a-z, A-Z, 0-9) as the session identity; hence, being vulnerable to Pass the Cookie
attack, and session hijacking
if used without TLS/SSL connection.
Also, lookupURL.js and lookupUser.js contains two registered users ([email protected]
and [email protected]
) and a session cookie ( sessionID
) for demonistration purposes. These users
, their associated URLs
, and the session
can be safely deleted.
views
folder contain webpage templates.
express_server.js
contain server logics, routing routes, and overall behaviours settings.
lookupURL.js
contains logics related to processing stored shorcode for URLs, such as:
-
addURL (shortURL, longURL, userID)
: Stores the short/long url pair to URL database of the logged-in user with the session iduserID
. -
removeURL (shortURL, userID)
: Removes the stored URL with shortcodeshortURL
from URL database of the logged-in user with session iduserID
. -
updateURL (shortURL, longURL, userID)
: Updates the short/long url pair of the logged-in user with the session iduserID
. -
getURL (shortURL, incrementVisit = false)
: Returns the url object with the shortcodeshortURL
. -
Example of a URL object stored within the DB
"g" : { shortURL : "g", longURL : "https://www.google.ca", userID : "userID", lastUpdated : Date.now(), 'visits' : 50 }
lookupUser.js
: contains logics related to processing stored shorcode for URLs:
initSessions ()
: Sets an interval to delete expired sessions routinly. Cleaning happens once every localVariables.sessionDuration minutes.authenticate (email, pass)
: Authenticates plaintext password pass of user with email email against the stored hashed password.createSession (email, pass)
: Creates and returns a session key for the user with given email and plaintext pass.destroySession (sessionID)
: Deletes the given session from sessions object.extendSession (sessionID)
: Changes the expiry time of the session with given session id to Date.now() + localVariables.sessionDuration.getSessionUserID (sessionID)
: Returns user id of the session user with the given session id.getUserEmailByID (userID)
: Returns email address of the session user with the given session id.getSessionExpires (sessionID)
: Returns expiry time of the session with the given session id.authenticateSession (sessionID)
: Returns a boolean if the session exists and has not expired yet.registerNewUser (email, pass)
: Adds a new user object to the users object.pass
is plaintext password, and the user object contains the hashe password.isRegistered (email)
: Returns a true, if a user object with the given email address exists. Else, returns false.addToURI (uri, value, sessionID)
: Adds the object/array/valuevalue
to the user object of the session-holder with the given sessionID.uri
is a string, a key within the user object.deleteFromURI (uri, value, sessionID)
: Removes the object/array/valuevalue
from the user object of the session-holder with the given sessionID.uri
is a string, a key within the user object.getURI (uri, sessionID)
: For the session-holderXYZ
, this returns the value ofXYZ[uri]
. uri is a string, a key, within the user object.
generateRandomString(length = 7)
generates a random string that starts with an alphabet and given length.
Document Tree
│
├─── doc
│ ├─── errors.PNG
│ ├─── login.PNG
│ ├─── register.PNG
│ ├─── urls.edit.PNG
│ └─── urls.PNG
│
├─── node_modules
│ ├─── ...
│ ...
│
├─── views
│ ├─── favicon.ico
│ ├─── urls_errors.ejs
│ ├─── urls_index.ejs
│ ├─── urls_login.ejs
│ ├─── urls_new.ejs
│ ├─── urls_register.ejs
│ ├─── urls_show.ejs
│ └─── _header.ejs
├─── .gitignore
├─── express_server.js
├─── generateRandomString.js
├─── lookupURL.js
├─── lookupUser.js
├─── package-lock.json
├─── package.json
└─── readme.md