<!-- lead -->
A deep dive into building a URL shortener from scratch

In this post, we’ll explore a complete deep dive into building a URL shortener from scratch using Node.js, Express, and MongoDB. URL shorteners are powerful tools that reduce lengthy URLs into much shorter and manageable ones while maintaining their redirection to the original destination. You’ve probably used services like bit.ly or TinyURL—today, you’ll learn how to create your own.

## The Tech Stack

This URL shortener is powered by:

1. **Node.js** - A JavaScript runtime built on Chrome’s V8 engine, perfect for building scalable network applications.
2. **Express.js** - A minimalistic web framework for Node.js that simplifies server and routing logic.
3. **MongoDB** - A NoSQL database used to store the original and shortened URLs.
4. **ShortId** - A package that generates URL-friendly, non-sequential unique IDs.
5. **Mongoose** - A MongoDB object data modeling (ODM) library that provides schema-based solutions for model validation and querying.

### Key Features:

- A RESTful API to create and manage shortened URLs.
- Secure API with validation using API keys.
- Efficient redirection from short URLs to the original URL.
- Scalable and easy-to-integrate MongoDB database to store URL data.

Let’s break down the code.


## Setup and Initialization

We first import the necessary modules:

```javascript
const express = require('express');
const mongoose = require('mongoose');
const shortid = require('shortid');
const Url = require('./models/Url');
require('dotenv').config();
```

### Explanation:

- **express**: To handle HTTP requests and define our routes.
- **mongoose**: To interact with our MongoDB database.
- **shortid**: Generates unique short IDs for the shortened URLs.
- **dotenv**: Manages environment variables, especially useful for storing sensitive data like API keys.
- **Url**: This is the model we’ll define later to store our URL data.

The application runs on port `9043`:

```javascript
const app = express();
const port = 9043;
```


## Middleware Setup

To handle incoming JSON requests and validate the API key, we use middleware functions:

```javascript
app.use(express.json());
```

This middleware parses the incoming request bodies as JSON, making it easier to interact with the API data.


## MongoDB Connection

Connecting to MongoDB is essential for our application’s functionality. We use `mongoose.connect()` to establish a connection to a local MongoDB instance:

```javascript
mongoose.connect('mongodb://127.0.0.1:27017/shorturl');
```

### Database Connection Handling:

```javascript
const db = mongoose.connection;
db.on('error', console.error.bind(console, 'connection error:'));
db.once('open', () => {
  console.log('Connected to MongoDB');
});
```

This connection ensures that if there are any issues connecting to MongoDB, we’ll log them immediately, and once successful, we print a "Connected to MongoDB" message.


## API Key Validation

Before creating a short URL, we must validate that the request has a valid API key. This middleware checks the `x-api-key` header against a pre-defined key in the `.env` file:

```javascript
const validateApiKey = (req, res, next) => {
  const apiKey = req.headers['x-api-key'];
  if (apiKey && apiKey === process.env.API_KEY) {
    next();
  } else {
    res.status(403).json({ error: 'Forbidden' });
  }
};
```

The request only proceeds if the key is valid; otherwise, it returns a 403 Forbidden status, ensuring only authorized users can create short URLs.


## Creating Short URLs

The core functionality is handled by the POST `/api/shorturl` route. It validates the request body, checks for an existing shortened URL, and generates a new one if necessary:

```javascript
app.post('/api/shorturl', validateApiKey, async (req, res) => {
  const { longUrl } = req.body;

  if (!longUrl) {
    return res.status(400).json({ error: 'Invalid URL' });
  }

  try {
    let url = await Url.findOne({ longUrl });

    if (url) {
      return res.json({ shortUrl: `https://s.shells.lol/${url.shortId}` });
    }

    const shortId = shortid.generate();
    url = new Url({
      longUrl,
      shortId,
    });

    await url.save();
    res.json({ shortUrl: `https://s.shells.lol/${shortId}` });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});
```

### What’s happening here?

- **Validation**: If the `longUrl` field is missing from the request body, it returns a 400 Bad Request error.
- **URL Existence Check**: If the long URL already exists in the database, it simply returns the existing shortened URL.
- **New Short ID Generation**: If no record exists for the given URL, we generate a new short ID using the `shortid` library, store it in the database, and return the shortened URL.


## Redirecting Short URLs

When a user visits a short URL, the application looks for the corresponding long URL in the database and redirects them:

```javascript
app.get('/:shortId', async (req, res) => {
  const { shortId } = req.params;

  try {
    const url = await Url.findOne({ shortId });

    if (url) {
      return res.redirect(301, url.longUrl);
    }

    res.status(404).json({ error: 'URL not found' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});
```

### What’s happening here?

- The **shortId** is extracted from the URL parameters.
- The app searches for a matching record in the database. If it finds one, it sends a 301 redirect to the original long URL.
- If no record is found, it responds with a 404 error, letting the user know that the short URL doesn’t exist.


## Data Model: URL Schema

The data for each shortened URL is stored in MongoDB using the `Url` model, defined as follows:

```javascript
const mongoose = require('mongoose');

const urlSchema = new mongoose.Schema({
  longUrl: {
    type: String,
    required: true,
  },
  shortId: {
    type: String,
    required: true,
    unique: true,
  },
});

module.exports = mongoose.model('Url', urlSchema);
```

### Key Points:

- **longUrl**: This is the original URL that we want to shorten. It’s a required field.
- **shortId**: This is the unique, generated identifier for the short URL.

By defining these fields and their constraints, Mongoose ensures that each URL we save is valid and meets the necessary conditions, such as being unique.

## Key Takeaways
Modular and Scalable Design: The way we structured this URL shortener allows it to easily scale and handle high traffic loads. With the use of Node.js and Express, which are non-blocking and event-driven, the service can manage concurrent requests efficiently. MongoDB, a NoSQL database, is highly scalable as well, making it an ideal candidate for storing URL mappings without sacrificing speed.

Security Considerations: The introduction of API key validation showcases how simple security measures can protect your API from unauthorized access. This is a small but critical step in ensuring that only trusted sources can interact with your service. Although basic, this approach is a strong foundation that can be expanded to include more robust authentication mechanisms, such as OAuth or JWT, as the service grows.

Database Operations and Efficiency: MongoDB’s flexibility allows for the quick and easy storage of URLs. By using indexes on the shortId, lookups are extremely fast, making redirection nearly instantaneous. The efficient querying and validation mechanisms provided by Mongoose also ensure that operations such as checking for existing URLs or saving new ones are both optimized and secure.

ShortId for Uniqueness: The shortid library helps generate compact, unique, URL-friendly strings, which is essential in minimizing the length of URLs while maintaining their uniqueness. This is an efficient way to avoid collisions and ensure that every short URL points to a different long URL, even in high-volume environments.

Handling Edge Cases: By including comprehensive error handling, we've created a more robust system. Whether it's validating input URLs, handling database errors, or returning meaningful error responses (such as 404s for missing URLs or 400s for bad requests), the application is designed to fail gracefully. This improves the user experience and ensures the system is easier to debug and maintain.

## My Thoughts

This project demonstrates how you can build a simple yet effective URL shortener using modern web technologies. We focused on essential features like API security, URL shortening, and redirection while keeping it scalable and easy to extend.

By leveraging tools like Express.js and MongoDB, this solution is not only efficient but also capable of handling significant traffic loads. With additional features like user tracking, analytics, or custom short URLs, you can further enhance the functionality of this URL shortener.

Building a URL shortener might seem like a simple project at first glance, but as we've explored in this deep dive, it's packed with various technical components that can be applied to numerous real-world applications. By breaking down each part of the process—from server setup to database interactions and security implementations—this project serves as an excellent example of how modern web technologies can come together to build a fully functional service that is not only scalable but also reliable and secure.