Node.js · Express · MongoDB · EJS · Auth · Security-Hardened
Using Node.js, Express, and MongoDB, this production-ready URL shortener offers rate limiting, role-based authorization, authentication, and a safe server-rendered dashboard with EJS.
This project goes beyond simple CRUD to show real-world backend engineering techniques.
- JWT + Cookie-based Authentication
- Role-Based Authorization (NORMAL, ADMIN)
- Rate-Limited URL Creation (abuse protection)
- Secure URL Validation (protocol whitelisting)
- Duplicate URL Prevention
- Click Analytics (timestamp-based)
- Security Hardened
  - Helmet headers
  - Payload size limits
  - Secure ID generation (nanoid)
  - Zero known npm vulnerabilities
- Server-Side Rendering (EJS)
- Railway-ready deployment
- Shorten long URLs
- Instant redirection
- User authentication (login / signup)
- User dashboard: manage your URLs
- Admin dashboard: manage all URLs
- Delete URLs with access control
- Track visit history (timestamps)
- Protected routes & middleware
- Graceful error handling (404 / invalid URLs)
| Layer | Technology |
|---|---|
| Backend | Node.js |
| Framework | Express.js |
| Database | MongoDB with Mongoose |
| Authentication | JSON Web Token (JWT) + Cookies |
| Authorization | Role-based middleware |
| View Engine | EJS |
| Security | Helmet, Rate Limiting |
| ID Generation | nanoid |
| Styling | Tailwind CSS |
```
URL-Shortener/
│
├── controllers/     # Business logic
├── middlewares/     # Auth & role guards
├── models/          # Mongoose schemas
├── public/          # Static assets
├── routes/          # Express routes
├── serviece/        # authentication services
├── views/           # EJS templates
├── connect.js       # MongoDB connection
├── index.js         # App entry point
├── package.json
└── README.md
```
1. Clone the repository

```bash
git clone https://github.com/CoreTech7704/URL-Shortener.git
cd URL-Shortener
```

2. Install dependencies

```bash
npm install
```

3. Environment variables

Create a `.env` file in the project root:

```
PORT=8001
MONGODB_URI=your_mongodb_connection_string
JWT_SECRET=your_256_bit_secret
```

4. Start the server

```bash
npm start
```

Visit: http://localhost:8001
This project follows backend security best practices:
- Payload size limits (10kb)
- Rate limiting on URL creation
- Secure, collision-safe ID generation
- URL protocol whitelisting (http, https)
- Auth & authorization enforced on protected routes
- Helmet security headers
- Zero known npm audit vulnerabilities
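
The protocol whitelisting item above, sketched as an added example that is not code from this repository: it parses the submitted value with Node's built-in WHATWG `URL` class and compares the parsed protocol against an allowlist instead of matching string prefixes. The helper name `validateTargetUrl`, the 2048-character cap and the rejection of embedded credentials are assumptions that go beyond what the list states.

```javascript
// Added example; names and limits below are hypothetical, not the project's own.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);
const MAX_URL_LENGTH = 2048; // assumed cap, well under the 10kb payload limit

function validateTargetUrl(input) {
  // A JSON or form body can carry arrays/objects where a string is expected.
  if (typeof input !== "string") {
    return { ok: false, reason: "not-a-string" };
  }
  const trimmed = input.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_URL_LENGTH) {
    return { ok: false, reason: "bad-length" };
  }
  let parsed;
  try {
    // Throws on relative or malformed input; lowercases scheme and host.
    parsed = new URL(trimmed);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Check the parsed protocol so "JavaScript:", "data:", "ftp:" all fail
  // regardless of letter case or how the raw string was written.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: "protocol-not-allowed" };
  }
  // Assumption: user:password@host links are refused, since they are a
  // common way to disguise the real destination of a short link.
  if (parsed.username || parsed.password) {
    return { ok: false, reason: "embedded-credentials" };
  }
  // Store the normalized form so duplicate detection compares like with like.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs, for illustration only.
const samples = [
  "HTTPS://Example.COM/a?b=1",
  "JavaScript:alert(1)",
  "data:text/html,hi",
  "example.com/path",
  "https://user:pw@example.com/",
  ["https://example.com"],
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(validateTargetUrl(s)));
}
```

Storing the normalized `href` rather than the raw input also keeps duplicate URL prevention from being bypassed by case changes in the scheme or host.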
The project is ready for Railway deployment. Key requirements:
- Node.js ≥ 18
- MongoDB Atlas or Railway MongoDB plugin
- Environment variables configured in Railway dashboard
CoreTech7704 (Sarvam Patel)
GitHub: https://github.com/CoreTech7704
This project is licensed under the MIT License.
Built with a strong emphasis on practical backend engineering, discipline, and real-world security considerations.
A solid foundation, not merely a demonstration.
Developed with ❤️, ☕, and endless curiosity 💡