Skip to content

Scribbd/scribbdurlshortener

BranchesTags

Repository files navigation

Scribbd Url-Shortener

A bare-bones private url-shortener, hosted in AWS, built with aws-sam.

This is the technical documentation. If you wish for some more reading, start here

Design of the URL Shortener. It is a serverless application that uses Route53, API-gateway with a custom authorizer based on GnuPG, two backend lambdas: a reader for unprotected GET calls with only read permissions to the DynamoDB Table. And a protected write functions with CRUD access.

Usage

Install the tools and programs defined in Development, you do not need to install the python dependencies for just deploying. To deploy the stack, use the following command: sam build --use-container && sam deploy --guided. You will be asked to fill in general parameters used by SAM, and the following parameters specific to this application:

Parameter Description
Arch Allowed values: "arm64", "x86_x64". Set architecture used in Lambda functions.
AuthorizerGracePerios Time in seconds that a signature is valid.
CertificateArn The ACM certificate associated with your domain
DomainName The R53 Domain with no trialing '.'
Environment Allowed values: "Dev", "Prd". When set to Prd it will limit CORS, and disable the default API endpoint.
PowerToolsVersion The version of the Python Lambda Powertools, get the most recent version here.
PublicKeyURL A URL to an asc-file with your public keys.

Using the API

An OpenAPI specification is available containing further documentation. However, basically you can create a POST, PUT, and DELETE request with the following body:

{
    "target": "URL"
}

The request path determines the slug you wish to create, update, or delete. Sending a POST request to example.com/test will create a redirect on that URL.

Sign the body as instructed below. And send it with your favorite tool or package to your endpoint. This repository has an example post-script available.

GET requests don't require a body and respond with either with a NotFound-error or a redirect.

GnuPG Authorizer

This custom authorizer requires the following environment variable to be set to function:

  • PUBLIC_KEY_URL: The URL should serve an asc-file. An option for this is Keybase.

For more information about environment variables, look into the gnupg-authorizer readme.

How to sign your request

The following explains the basic workflow with the GnuPG authorizer:

  • Create a json-body with one element "target", give it a valid URL.
  • Sign the body with GnuPG (or others) with gpg --sign --clearsign man.
  • Encode the resulting text in base64.
  • Use the encoded signature in the header as authorization and the unsigned json-body as body.

Development

The following programs should be installed:

  • Python
  • Pipenv
  • A docker-cli compatible container-engine (sam build requires a complete docker cli implementation, podman will not work)
  • SAM-cli
  • AWS-cli

Set up your dev environment with: pipenv install --dev

I use direnv to set the environment variables.

export AWS_REGION=
export AWS_PROFILE=

export PUBLIC_KEY_URL=
export ENDPOINT=
export KEYID=
export GRACE_PERIOD=99999999999
export GPG_HOME=~/.gnupg
export GPG_BIN=gpg
export SLUG_TABLE=

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages