
Containerised URL Shortener, with security by design. Vulnerability detection on all artefacts via GitHub actions with reputable tooling.


jackseceng/LinkShort


LinkShort - Containerised URL shortener

This is the Python code and Docker configuration for a link shortening web app

I am using this to learn:

  • Docker & Web App Hosting
  • Python Development
  • DevSecOps Automation

Testing locally

CREATE TABLE
  urls (
    hashsum VARCHAR(64) PRIMARY KEY,
    url BLOB,
    salt BLOB,
    CONSTRAINT unique_hash UNIQUE (hashsum)
  );
  • Create a file in the /app directory called .env, with the following contents, setting the appropriate values with your own substitutions:
ENDPOINT="<your-turso-url>"
TOKEN="<your-turso-token>"
TLD=localhost

! WARNING !

Please make sure your local environment variables in your terminal do not share names with the ones in this .env file.

If you change the names of the variables in this file, make sure to change their references in the docker-compose.yaml file as well.

Docker compose

From the root directory of this repository, run:

docker-compose up -d --build
[+] Running (2/2)
 ✔ Network linkshort_ls-net   Created
 ✔ Container linkshort-app-1  Started

If successful, the app will be running at http://localhost and will connect to your Turso database over the internet.

You can re-run this command whenever you make changes to rebuild the container.

To shut down the service, run this command:

docker-compose down

Application Features

  • Shortens URLs with unique extensions
  • Encrypts stored URLs along with random salts
  • Extensions are stored as hashsums in the DB
  • Sanitisation of input from user for both URLs and extensions on requests
  • Checks user-shared URLs to ensure they begin with HTTPS
  • Uses minimal scratch image for runtime security
  • Checks submitted URLs against spam lists, rejects known spam domains
  • Generates QR codes for users to download and share
  • A frontend with reactive CSS & HTML
  • 400 and 500 HTTP error handling with pages
  • Demonstration application set up:

This has been set up on cloud.run via repository integration
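
An added example (not code from this repository) of two of the features above: checking that a submitted URL is HTTPS, and storing and looking up records by the extension's hashsum in the urls table. It assumes SHA-256 for the hashsum (its hex digest fits VARCHAR(64)) and a 4-16 character alphanumeric extension rule, and treats the encrypted URL and salt as opaque bytes; all function names are illustrative.

```python
import hashlib
import re
import sqlite3
from urllib.parse import urlsplit

# Assumption: extensions are 4-16 alphanumeric characters (the app's real rule may differ).
EXTENSION_RE = re.compile(r"[A-Za-z0-9]{4,16}")


def new_db() -> sqlite3.Connection:
    """In-memory stand-in for the Turso database, using the README's urls table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE urls (hashsum VARCHAR(64) PRIMARY KEY, url BLOB, salt BLOB)")
    return db


def validate_url(url: str) -> str:
    """Accept only absolute HTTPS URLs with a host and no embedded credentials."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("whitespace or control characters in URL")
    parts = urlsplit(url)  # parsing avoids the pitfalls of a bare prefix check
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("URL must use https:// and name a host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    return url


def extension_hashsum(extension: str) -> str:
    """Allowlist-check the extension, then return its hashsum (SHA-256 is an assumption)."""
    if not EXTENSION_RE.fullmatch(extension):
        raise ValueError("invalid extension")
    return hashlib.sha256(extension.encode("ascii")).hexdigest()


def store(db: sqlite3.Connection, extension: str, url_blob: bytes, salt: bytes) -> None:
    """url_blob is the already-encrypted URL; the page does not name the cipher."""
    db.execute("INSERT INTO urls (hashsum, url, salt) VALUES (?, ?, ?)",
               (extension_hashsum(extension), url_blob, salt))


def lookup(db: sqlite3.Connection, extension: str):
    """Return (url_blob, salt) for a valid extension, or None if it is unknown."""
    row = db.execute("SELECT url, salt FROM urls WHERE hashsum = ?",
                     (extension_hashsum(extension),))
    return row.fetchone()
```

Because only the hashsum is stored and every query is parameterised, the raw extension never reaches the SQL text or the database.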

DevSecOps Automation

Code Linting:

Static & Software Composition Analysis:

Container Image Scanning:

Automated Dependency Upgrades:

Commit Standardisation:

Developed by Jack
