This is a project that shortens links, built on AWS. This is deployed here: https://liliput.mourjo.me
- Authenticated users can create new short links
- Short links can be visited without signing in
- Rudimentary statistics viewable by the creator - number of visits
Following are the major implementation pieces - all built on AWS and deployed here: https://liliput.mourjo.me
- A single HTML page is served from S3, which then makes XHR requests for getting the current user's links and creating new short links
- The current user is inferred from the lambda function `CookieAuthorizer`, which reads the cookie header and identifies the user
- A lambda function `ListLinksHandler` serves the current user's links from DynamoDB
- Creation of a new short link is similar to this flow, except a link is inserted into DynamoDB instead of reading from it.
- Anonymous users can visit existing shortlinks
- A Lambda function fetches the original link from DynamoDB and redirects the user to it
- Cognito hosted UI is used for social login
- PKCE OAuth authorization flow is used to make authorization code flow a bit more secure
- Hardened (http-only) cookies are used to enhance security
- AWS Cognito supports custom domains; in this project Cognito is configured with `auth.liliput.mourjo.me`
- REST APIs in API Gateway support custom domains; `liliput.mourjo.me` is used in this case
- Cognito user pools can be configured to work with identity providers like Google
- In this project we are using the OAuth2 flow supported by Google
- Lambda functions using Java are slow, even with SnapStart. Since each API request is served by a different Lambda, the UI can feel quite slow. Possible alternatives are: reserved concurrency (which is costly) or a different runtime.
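
The PKCE step and the http-only cookie from the list above, as an added Java example (not this project's code). The class, method and cookie names are hypothetical, and the `Secure`, `SameSite` and `Max-Age` attributes are assumptions beyond the http-only flag the page mentions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class, method and cookie names are hypothetical.
public class PkceSketch {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // code_verifier: 32 random bytes -> 43 unreserved characters (RFC 7636, section 4.1).
    static String newVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // code_challenge for method S256: BASE64URL(SHA-256(ASCII(code_verifier))).
    static String challengeFor(String verifier) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(hash);
    }

    // Token-endpoint check: the code is redeemable only with the verifier
    // whose hash was sent on the original /authorize request.
    static boolean redeemable(String storedChallenge, String presentedVerifier) throws Exception {
        return MessageDigest.isEqual(
                storedChallenge.getBytes(StandardCharsets.US_ASCII),
                challengeFor(presentedVerifier).getBytes(StandardCharsets.US_ASCII));
    }

    // Set-Cookie value. HttpOnly is from the page; Secure, SameSite and Max-Age are assumptions.
    static String sessionCookie(String token) {
        return "session=" + token + "; Path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Lax";
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check against the RFC 7636 Appendix B vector.
        String rfc = challengeFor("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk");
        if (!rfc.equals("E9Melhoa2OwvFrEMTJguCHaoeGt8URWbuGJSstw-cM")) throw new IllegalStateException(rfc);
        String verifier = newVerifier();            // stays with the client
        String challenge = challengeFor(verifier);  // travels with /authorize
        System.out.println("code_challenge_method=S256&code_challenge=" + challenge);
        System.out.println("same verifier accepted: " + redeemable(challenge, verifier));
        System.out.println("different verifier accepted: " + redeemable(challenge, newVerifier()));
        System.out.println("Set-Cookie: " + sessionCookie("<opaque-token>"));
    }
}
```

Because the authorization request carries only the hash, an authorization code captured in transit cannot be exchanged for tokens without the verifier held by the original client.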