forked from electricdusk/rushlink
		
	
		
			
				
	
	
		
			93 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			93 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # RushLink
 | |
| 
 | |
| A URL shortener and (maybe) a pastebin server for our #ru community.
 | |
| 
 | |
| ## Libraries
 | |
| 
 | |
| Use standard-Go-libraries if the job can be done with those. As of now, these
 | |
| are the exceptions:
 | |
| 
 | |
| - `github.com/gorilla/mux` provides useful stuff for routing requests.
 | |
| - `github.com/gorilla/sessions` for session management.
 | |
| - `go.etcd.io/bbolt` is our database driver.
 | |
| - `github.com/pkg/errors` provides a [`Wrap`] function.
 | |
| 
 | |
| [`Wrap`]: https://godoc.org/github.com/pkg/errors#Wrap
 | |
| 
 | |
| ## Database
 | |
| 
 | |
| We will be using [`go.etcd.io/bbolt`]. This file should be the *only* file
 | |
| apart from our monolithic binary. All settings and keys should go in here.
 | |
| Any read-only data resides in the binary file (possibly compressed).
 | |
| 
 | |
| [`go.etcd.io/bbolt`]: `go.etcd.io/bbolt`
 | |
| 
 | |
| ## Namespacing
 | |
| 
 | |
| All shortened URLs exist as a key on the root of the webserver, i.e. `/xd42`.
 | |
| That means that we have to separate every other page with some kind of
 | |
| namespace. Ideas:
 | |
| 
 | |
| - `/z/` reserved for flat pages.
 | |
| - `/p/` reserved for "pastes".
 | |
| - `/u/` reserved for "users".
 | |
| - `/f/` reserved for "files".
 | |
| - `/z/static/` reserved for "static files".
 | |
| 
 | |
| ## Shorten keys and collisions
 | |
| 
 | |
| First of all: A sexted is a value of 6 bits.
 | |
| 
 | |
| For generating keys, we will initially generate a random value of 4 sextets,
 | |
| where the first bit is set to `0`. If this collides with an existing key, we
 | |
| will generate a new one made out of 5 sextexts, and set the prefix bits to
 | |
| `0b10`. We will keep doing this until we don't have any collisions anymore.
 | |
| 
 | |
| To get proper-looking keys, we format the key to characters using the
 | |
| base64url alphabet described in ([RFC4648, par. 5]). The encoded value will
 | |
| be saved in the database.
 | |
| 
 | |
| [RFC4648, par. 5]: https://tools.ietf.org/html/rfc4648#section-5
 | |
| 
 | |
| ## UI design
 | |
| 
 | |
| As is tradition in a lot of URL-shortener/pastebin-like services, we will put
 | |
| everything in a single `<pre>` tag, and if possible, just serve `text/plain`.
 | |
| A good example is <https://0x0.st>.
 | |
| 
 | |
| The reason we would use `text/html` instead of `text/plain` is basically
 | |
| form submissions and JavaScript. Our main API should be cURL, but it would be
 | |
| useful if users could also use the website and/or drag-and-drop files and URLs.
 | |
| 
 | |
| On the other hand, using `text/plain` saves us *so much effort*, because we
 | |
| don't have to do any HTML/CSS/JavaScript. We have native terminal support, etc.
 | |
| 
 | |
| The best thing would probably to do both, and correctly listen to the `Accept`
 | |
| header that the client sends. We can still wrap the plain-text page in a single
 | |
| `<pre>` to keep it easy for ourselves.
 | |
| 
 | |
| ## Retention
 | |
| 
 | |
| - If we can, we don't want to have user accounts. We store the sessions
 | |
|   forever, and store a user's data in there, without having to collect personal
 | |
|   data in any way.
 | |
| - URL-shortening links will be retained for always, unless the submitter
 | |
|   revokes it, in which case it will be replaced by a `410 Gone` page*.
 | |
| - The probles of pastes are not solved. This is an unsolved problem*.
 | |
| 
 | |
| * In any case, we going to comply with all European laws and reasonable
 | |
|   requests for deletion.
 | |
| 
 | |
| ## Privacy
 | |
| 
 | |
| We will try as hard as possible to not store any data about our users, and will
 | |
| only provide any data when we have the legal obligation to do so.
 | |
| 
 | |
| ## Todo
 | |
| 
 | |
| - [ ] Implement deletion of url-shortening links using revocation tokens.
 | |
| - [ ] Implement pastebin support.
 | |
| - [ ] Also implement file-upload support (for images/video/audio/binaries/etc.).
 | |
|     - [ ] ^ Decide on some kind of authorization system for this.
 | |
| - [ ] Implement some kind of admin interface.
 | |
| - [ ] Implement `/z/metrics`. |