miniURL - a TinyApp Project
miniurl is a full stack web application, built with Node and Express, that allows users to shorten long URLs (similar to bit.ly). This project was built as a proof of concept for learning purposes.
BEWARE: This application does not store its user and URL databases on disk or in an external database. All changes are lost once the application is restarted; storing these values requires changes to lookupURL.js and lookupUser.js.
Install it:
npm install @rahmatsaeedi/miniurl
Run it:
node express_server
The application uses unsigned cookies, with 32 alphanumeric characters (a-z, A-Z, 0-9) as the session identity. It is therefore vulnerable to Pass the Cookie attacks and session hijacking if used without a TLS/SSL connection.
Also, lookupURL.js and lookupUser.js contain two registered users (admin@example.com and example@example.com) and a session cookie (sessionID) for demonstration purposes. These users, their associated URLs, and the session can be safely deleted.
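One way to harden the session cookie described above, as an added example that is not part of miniURL's code: the 32-character ID is drawn from a CSPRNG, the cookie value carries an HMAC so altered values are rejected, and the Secure and HttpOnly attributes keep it off plain HTTP and out of page scripts. The function names, COOKIE_SECRET and the 1800-second lifetime are assumptions made for this sketch.

```javascript
// Added example, not miniURL's code. All names below are hypothetical.
const crypto = require('crypto');

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
// Assumption: a real deployment loads a stable secret from configuration.
const COOKIE_SECRET = crypto.randomBytes(32);

// 32 characters drawn uniformly from a-z, A-Z, 0-9 with a CSPRNG (about 190 bits).
function newSessionID(length = 32) {
  let id = '';
  for (let i = 0; i < length; i++) id += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return id;
}

// HMAC-SHA256 over the ID, base64url-encoded so it is safe inside a cookie value.
function mac(id, secret) {
  return crypto.createHmac('sha256', secret).update(id).digest('base64url');
}

// Cookie value "<id>.<mac>": the server can discard forged or altered values
// before any session lookup. Signing does not stop replay of a stolen cookie.
function signSessionID(id, secret = COOKIE_SECRET) {
  return `${id}.${mac(id, secret)}`;
}

// Returns the session ID if the signature verifies, otherwise null.
function verifySessionCookie(value, secret = COOKIE_SECRET) {
  if (typeof value !== 'string') return null;
  const dot = value.lastIndexOf('.');
  if (dot < 1) return null; // unsigned or malformed value
  const id = value.slice(0, dot);
  const given = Buffer.from(value.slice(dot + 1));
  const expected = Buffer.from(mac(id, secret));
  if (given.length !== expected.length) return null; // timingSafeEqual needs equal lengths
  return crypto.timingSafeEqual(given, expected) ? id : null;
}

// Secure: never sent over plain HTTP. HttpOnly: not readable from page scripts.
// SameSite=Lax: withheld from cross-site subrequests. Max-Age bounds the cookie's lifetime.
function buildSetCookie(name, value, maxAgeSeconds) {
  return `${name}=${value}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

const demoID = newSessionID(); // constructed sample session
console.log(buildSetCookie('sessionID', signSessionID(demoID), 1800));
```

In Express the same attributes are set through the `res.cookie` options `httpOnly`, `secure`, `sameSite` and `maxAge`.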
The views folder contains webpage templates.
express_server.js contains the server logic, routes, and overall behaviour settings.
lookupURL.js contains logic related to processing stored shortcodes for URLs, such as:
- addURL (shortURL, longURL, userID): Stores the short/long URL pair to the URL database of the logged-in user with the session id userID.
- removeURL (shortURL, userID): Removes the stored URL with shortcode shortURL from the URL database of the logged-in user with session id userID.
- updateURL (shortURL, longURL, userID): Updates the short/long URL pair of the logged-in user with the session id userID.
- getURL (shortURL, incrementVisit = false): Returns the URL object with the shortcode shortURL.
- Example of a URL object stored within the DB:
  "g" : { shortURL : "g", longURL : "https://www.google.ca", userID : "userID", lastUpdated : Date.now(), 'visits' : 50 }
lookupUser.js contains logic related to processing stored shortcodes for URLs:
- initSessions (): Sets an interval to delete expired sessions routinely. Cleaning happens once every localVariables.sessionDuration minutes.
- authenticate (email, pass): Authenticates the plaintext password pass of the user with email email against the stored hashed password.
- createSession (email, pass): Creates and returns a session key for the user with the given email and plaintext pass.
- destroySession (sessionID): Deletes the given session from the sessions object.
- extendSession (sessionID): Changes the expiry time of the session with the given session id to Date.now() + localVariables.sessionDuration.
- getSessionUserID (sessionID): Returns the user id of the session user with the given session id.
- getUserEmailByID (userID): Returns the email address of the session user with the given session id.
- getSessionExpires (sessionID): Returns the expiry time of the session with the given session id.
- authenticateSession (sessionID): Returns a boolean if the session exists and has not expired yet.
- registerNewUser (email, pass): Adds a new user object to the users object. pass is the plaintext password, and the user object contains the hashed password.
- isRegistered (email): Returns true if a user object with the given email address exists. Otherwise, returns false.
- addToURI (uri, value, sessionID): Adds the object/array/value value to the user object of the session-holder with the given sessionID. uri is a string, a key within the user object.
- deleteFromURI (uri, value, sessionID): Removes the object/array/value value from the user object of the session-holder with the given sessionID. uri is a string, a key within the user object.
- getURI (uri, sessionID): For the session-holder XYZ, this returns the value of XYZ[uri]. uri is a string, a key within the user object.
generateRandomString(length = 7) generates a random string of the given length that starts with a letter.
Document Tree
│
├─── doc
│ ├─── errors.PNG
│ ├─── login.PNG
│ ├─── register.PNG
│ ├─── urls.edit.PNG
│ └─── urls.PNG
│
├─── node_modules
│ ├─── ...
│ ...
│
├─── views
│ ├─── favicon.ico
│ ├─── urls_errors.ejs
│ ├─── urls_index.ejs
│ ├─── urls_login.ejs
│ ├─── urls_new.ejs
│ ├─── urls_register.ejs
│ ├─── urls_show.ejs
│ └─── _header.ejs
├─── .gitignore
├─── express_server.js
├─── generateRandomString.js
├─── lookupURL.js
├─── lookupUser.js
├─── package-lock.json
├─── package.json
└─── readme.md