[Discussion] Link Shortener

[alexng353]

...Continued from discord:

Hey Alex, this sounds like an interesting idea. Jon's right, though, we need to make sure we're doing this securely and sustainably. Before I can give the green light, I need a few more details.

What I need from you:
Mini-Proposal: Give me a super quick rundown of how the "invite-only with no email" login actually works. That's a bit confusing right now.
Also, how are you storing the actual URL mappings if there's no database?

Our Hosting: We have to host this on our own CSSS-controlled infrastructure, not a personal account or free tier. This gives us control and ensures it's here to stay.

Maintenance & Support Plan: Who will be responsible for maintaining this in the long term? How will updates be deployed? What happens if you're not available?

I'm not against it, especially if there's proper justification, just want to make sure it's maintainable, secure, and doesn’t break unexpectedly down the line.

Mini-Proposal

1. Username and Password login, no email service required. Invite only, as in only an admin can add a person manually. Magic signup links (/signup?preAuthToken=) can also be added
2. SQLite3 - runs in memory and is simultaneously written to disk
3. Can also use a postgres DB, but it's heavier and unnecessary for the type of load expected.

Infrastructure

4. All it needs is an internet connection and a file system

Maintenance

5. It shouldn't need to be maintained if written correctly, it should just work.
6. If there are issues, I will maintain them for my time at SFU. Updates will be put out as updates on a branch (syncing prod to main) and ideally, the SAAS that hosts it will automatically trigger off of this
7. everything will be open sourced

[jbriones1]

1. We do have access to the login services at SFU, so we shouldn't need to do any auth management.

2. I know you talked about hosting this on another platform (Railway or CloudFlare). I'm not familiar with how much approval we need to add a new service, so I'll defer that to Puneet. Is there a way it could just be a program our current backend could call?

3. I'm guessing you want to open up a new repo for this project, but is it small enough to keep it on this repo? Like you mentioned, it should just work. Our backend is always awake anyway and I don't think we get any traffic right now to have to worry about using our resources.

4. Are these redirects only going to stick around for the 1 hour you mentioned in Discord?

[alexng353]

1. SGTM; expect longer development time if I were to use that.
2. Should be a single motion, and if we explain it properly (it will save us money) it should pass.
3. Yes, I can make it fit in this repo as an extension of the backend, but I don't know python very well (or this repo) so I'd have to spend some effort to make it work. I could also make it another application that lives in this repo.
4. TTLs are just how long cloudflare will cache our response for before asking our service again.

[jbriones1]

I'd probably need to talk to Puneet, but maybe we could add repos for larger programs and another repo for smaller programs.

I think you can write it in any language, but that makes it harder for us to code review it, which could potentially stall it. If it compiles to a binary I'd feel more comfortable if we controlled which version we compile and deploy.

All we're running (afaik) is gunicorn and a DB, so I think we have the capacity to let programs do some stuff.

I'm not too familiar with the backend code, though, so it's definitely something Gabe or Puneet would know more about.

[alexng353]

1. ideally each program gets its own repo
2. code will be open source, and very simple. you can fork the repo on the csss account to make sure you vet everything before it gets pushed up, i guess
3. i mean, sure, but the program ideally wouldn't need a db for cost reasons