LinkShort - Containerised URL Shortener

Scans:

Size:

This is the Python code and Docker configuration for a link shortening web app

• Running demonstration available at cubel.ink

• DockerHub image repository

I am using this to learn:

• Docker & Web App Hosting
• Python Development
• DevSecOps Automation

Testing locally

• Sign up for a free Turso account, and create database with a table called 'urls' in with the follwing SQL statement:

CREATE TABLE
  urls (
    hashsum VARCHAR(64) PRIMARY KEY,
    url BLOB,
    salt BLOB,
    CONSTRAINT unique_hash UNIQUE (hashsum)
  );

To avoid cluttering up your database while testing locally, it is recommended you create 2 databases: One for testing and one for production

• Create a file in the /app directory called .env, with the following contents, setting the appropriate values with your own substitutions:

ENDPOINT="<your-turso-url>"
TOKEN="<your-turso-token>"
TLD=localhost

! WARNING !

The docker-compose.yaml and .env files must reference the same variable names where applicable, also make sure the variable names are not set elsewhere in your testing environment.

If you made separate testing and production databases, make sure to use the test database token and endpoint url in your .env file, and the production ones in your hosting environment variables.

Docker compose

From the root directory of this repository, run:

docker compose up -d --build

[+] Running (2/2)
 ✔ Network linkshort_ls-net   Created
 ✔ Container linkshort-app-1  Started

If succesful, app will be running at http://localhost, it will connect to your Turso database over the internet.

You can re-run this command whenever you make changes to rebuild the container.

To shut down the service, run this command:

docker compose down

Application Features

• Shortens URLs with unique extensions
• Encrypts stored URLs along with random with salts
• Extensions are stored as hashsums in the DB
• Sanitisation of input from user for both URLs and extensions on requests
• Checks on user shared URLs, to ensure they begin with HTTPS
• Uses minimal scratch image for runtime security
• Checks submitted URLs against spam lists, rejects known spam domains
• Generates QR codes for users to download and share
• A frontend with reactive CSS & HTML
• 400 and 500 HTTP error handling with pages
• Static content served through CDN

This has been set up via statically.io

• Demonstration application set up:

This has been set up on cloud.run via it's repository integration

DevSecOps Automation

Code Linting:

• Super Linter

Static & Software Composition Analysis:

• CodeQL
• Snyk

Container Image Scanning:

• Grype
• Docker Scout
• Trivy

Automated Dependency Upgrades:

• Renovate

Commit Standardisation:

• Conventional Commits Commit title standardisation

Developed by Jack