This is a submission for the Permit.io Authorization Challenge: Permissions Redefined
Hey everyone! 👋
Super excited to share shortio, my submission for the Permit.io Hackathon 🚀
It’s called shortio — a smart, secure, permission-aware link shortener made for organizations that take access control seriously… but still want their apps to feel clean, simple, and easy to use.
📦 Source Code:
- API: GitHub Repository
- APP: GitHub Repository
💡 The Idea
I kept running into the same issue:
Internal tools often rely on sharing URLs for resources, but those links don’t know who should (or shouldn’t) be clicking them.
So I built shortio — a URL shortener that bakes permission checks into every link it creates. It’s built for multi-tenant orgs where you need fine-grained control over who can view, create, or manage resources, and it uses Permit.io to manage dynamic, role-based access in real time.
Think of it as a tiny security guard 🛡️ at the door of every link you share.
🛠️ How It Works
Whenever someone tries to access a shortio link:
- ✅ If they’re logged in and have the right permissions → seamless redirect to the resource.
- 🚫 If not → they’ll land on a clean, friendly React screen inviting them to log in or sign up.
- 📜 Access is decided based on their organization membership and role, all enforced by Permit.io behind the scenes.
Admins and owners can create links and decide who gets access — whether it’s a whole org, specific roles, or individual users.
✨ Why This Is Cool (and Useful)
shortio isn’t your average URL shortener:
- 🛡️ Every link knows who should click it
- 🎛️ Fully multi-tenant, with clear org boundaries
- 🔐 Fine-grained, real-time permission checks via Permit.io
- 🖥️ Clean, no-fuss UX for both admins and users
- 🏢 Built for internal tooling, dashboards, and resource management
Whether you’re:
- An engineer working on internal tools
- A security-conscious team sharing sensitive resources
- Or just someone who loves links that behave themselves
…shortio’s here to keep your links smart, secure, and well-behaved.
📚 Tech Stack
- ⚙️ Backend: Quarkus (Java 21)
- 🎨 Frontend: React + Vite
- 📦 Database: MongoDB + Panache
- 🛡️ Authorization: Permit.io SDK
🔭 What’s Next?
If I had a bit more time (and coffee ☕️), I’d love to add:
- 📊 Link analytics (who tried to access, from where, and when)
- 🔗 Custom link slugs
- 🛑 Expiration dates and temporary permissions
- 🛡️ A little animated security shield mascot for the UI (seriously)
Got more ideas? Drop them in the repo — would love to hear what you'd build on top of it!
🧠 Final Thoughts
This was a super fun project to build — mixing backend security, frontend UX, and dynamic permissions management into a simple tool that actually solves a day-to-day problem for orgs.
Big thanks to the Permit.io and Dev.to teams for the challenge. I had a blast, and I’m already thinking about new features I could sneak into shortio next.
Secure links, smart permissions, and a smooth experience — every time.
Let’s keep building cool, secure stuff together 🚀🛡️
