Live Demo
Register or log in, then shorten URLs. Short links redirect via api.jamieblair.co.uk/s/…
What it solves
Clear outcomes, no marketing language.
- Demonstrates end-to-end authentication: registration, login, token-based sessions.
- Per-IP rate limiting protects the service from abuse without external tooling.
- Click tracking gives users analytics on their links.
- SQLite + WAL mode means zero-config, single-file persistence with concurrent reads.
How it works
From registration to redirect.
Decisions
The tradeoffs behind the implementation.
HS256 signing is three lines of HMAC. Avoids an external dependency while demonstrating that JWT is just base64 + signature, not magic. The secret key is randomised per deploy.
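The HS256 flow described above, as an added example rather than the project's own code: signing plus a verifier that compares signatures in constant time, pins the algorithm, and enforces `exp`. The names `sign`, `verify`, `SECRET`, `b64e`, `b64d` and the claim layout are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: a fresh random key per deploy, as the page describes.
SECRET = secrets.token_bytes(32)

def b64e(raw):
    """base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    """Decode base64url, restoring the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key=SECRET):
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64e(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify(token, key=SECRET, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        # Check the signature before trusting anything the client controls,
        # and compare in constant time to avoid a timing side channel.
        if not hmac.compare_digest(expected, b64d(sig_b64)):
            return None
        # Pin the algorithm: the header must never choose how the token is verified.
        if json.loads(b64d(header_b64)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body_b64))
        exp = claims.get("exp")
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: wrong segment count, bad base64, bad JSON
    # A token without a numeric, future "exp" is rejected rather than treated as eternal.
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return None
    return claims
```
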
PBKDF2 is in Python's standard library (hashlib). No C extensions, no pip install. 200,000 iterations of SHA-256 meets OWASP's current recommendation.
A simple dict of IP → timestamp list. Resets on restart, which is fine for a demo. Production would use Redis or a middleware like Flask-Limiter.
WAL mode enables concurrent readers with a single writer: perfect for a small service. No database server to manage, backup is just copying one file.
Next steps
Planned improvements, kept realistic.
- QR code generation for each short link.
- Click-through analytics with referrer, geo (IP-based), and time series.
- Custom domains support.
- Expiration dates and one-time-use links.