-
Shorten URLs: The main feature of the full-stack project is to create shortened URLs from lengthy ones. Both anonymous and authenticated users can generate short URLs. Only authenticated users can modify and remove their own short URLs.
-
Link Redirection: Clicking on short URLs should lead to the corresponding long URLs.
-
User Verification: Create/use a user authentication service to limit access to specific endpoints and features, such as Customized Alias, Expiry, Analytics, and Blacklist.
-
Authorization & Access Control: Limit access to specific endpoints based on user roles or permissions. For instance, users with admin roles can remove any short URL, but a regular user cannot remove URLs of other users.
-
Personalized Alias: Verified users should have the option to select a personalized alias for their short URLs.
-
URL Validity: The ability to set a validity date for a short URL, after which it will no longer redirect. This feature is only available to verified users.
-
Data Analysis: Monitor clicks and other related data, such as HTTP Referrer, Query Parameters, Geo Country, etc. for each short URL, exclusive to verified users.
-
Request Limiting: Restrict the number of requests from a single IP address to avoid misuse. Implement both a simple hourly windowed rate-limit and an exponential back-off strategy. Increase the rate-limit for verified users.
-
Prohibition List: The ability to prohibit certain URLs or IP addresses is to prevent spam and misuse. Implement both a global (set by admin) prohibition list and a user-set prohibition list.
-
Logging: Record all requests and responses for debugging and analysis purposes.
-
OpenAPI Specification: Generate an OpenAPI specification for the API to document the endpoints, parameters, and responses.
-
JSON Verification: Verify all input and output using JSON Schema to ensure consistency and prevent errors.
-
Security: Implement various security measures, including:
- SSL/TLS encryption to secure data in transit
- Hashing and salting passwords
- Preventing SQL injection attacks
- Preventing cross-site scripting (XSS) attacks
- CSRF protection
- Preventing brute-force attacks
- Content Security Policy (CSP)
- CORS restrictions
- Prevent Denial of Service (DoS) attacks & ReDOS attacks
- Protect against OWASP Top Ten vulnerabilities.
-
Data Caching: Implement a robust caching system to enhance performance and reduce server load, including:
- Storing frequently requested long URLs to avoid generating a new short URL every time for the same URL.
- Storing recently accessed short URLs to avoid looking up the corresponding long URL in the database every time.
- Using a cache eviction policy to remove stale or infrequently used cache entries.
- Using a distributed cache if the microservice is deployed on multiple servers or in a load-balanced environment.
- Using a cache control mechanism to invalidate or expire cache entries when the underlying data changes.
Incorporating caching to the microservice can significantly enhance its performance and reduce the load on the database, but it's crucial to design the cache strategy carefully to avoid cache-related issues, such as stale data, memory exhaustion, and cache stampede.
-
Automated Testing: Writing automated tests to ensure that all components of the microservice are working together correctly, including:
- Testing the API endpoints and their responses
- Testing the database connectivity and data integrity
- Testing the data storing functionality and its interaction with the database
- Testing the security measures, such as user verification and access control
- Testing the record keeping and error handling mechanisms
- Testing the performance and scalability of the microservice under different load conditions
- Using a test runner and assertion library to automate the testing process
- Writing test cases for positive and negative scenarios to cover all possible use cases
- Using mock data and test fixtures to simulate different scenarios