This is a submission for the Permit.io Authorization Challenge: Permissions Redefined

Hey everyone! ๐Ÿ‘‹

Super excited to share shortio, my submission for the Permit.io Hackathon ๐Ÿš€

Itโ€™s called shortio โ€” a smart, secure, permission-aware link shortener made for organizations that take access control seriouslyโ€ฆ but still want their apps to feel clean, simple, and easy to use.

๐Ÿ“ฆ Source Code:

๐Ÿ’ก The Idea

I kept running into the same issue:
Internal tools often rely on sharing URLs for resources, but those links donโ€™t know who should (or shouldnโ€™t) be clicking them.

So I built shortio โ€” a URL shortener that bakes permission checks into every link it creates. Itโ€™s built for multi-tenant orgs where you need fine-grained control over who can view, create, or manage resources, and it uses Permit.io to manage dynamic, role-based access in real time.

Think of it as a tiny security guard ๐Ÿ›ก๏ธ at the door of every link you share.

๐Ÿ› ๏ธ How It Works

Whenever someone tries to access a shortio link:

  • โœ… If theyโ€™re logged in and have the right permissions โ†’ seamless redirect to the resource.
  • ๐Ÿšซ If not โ†’ theyโ€™ll land on a clean, friendly React screen inviting them to log in or sign up.
  • ๐Ÿ“œ Access is decided based on their organization membership and role, all enforced by Permit.io behind the scenes.

Admins and owners can create links and decide who gets access โ€” whether itโ€™s a whole org, specific roles, or individual users.

โœจ Why This Is Cool (and Useful)

shortio isnโ€™t your average URL shortener:

  • ๐Ÿ›ก๏ธ Every link knows who should click it
  • ๐ŸŽ›๏ธ Fully multi-tenant, with clear org boundaries
  • ๐Ÿ” Fine-grained, real-time permission checks via Permit.io
  • ๐Ÿ–ฅ๏ธ Clean, no-fuss UX for both admins and users
  • ๐Ÿข Built for internal tooling, dashboards, and resource management

Whether youโ€™re:

  • An engineer working on internal tools
  • A security-conscious team sharing sensitive resources
  • Or just someone who loves links that behave themselves

โ€ฆshortioโ€™s here to keep your links smart, secure, and well-behaved.

๐Ÿ“š Tech Stack

  • โš™๏ธ Backend: Quarkus (Java 21)
  • ๐ŸŽจ Frontend: React + Vite
  • ๐Ÿ“ฆ Database: MongoDB + Panache
  • ๐Ÿ›ก๏ธ Authorization: Permit.io SDK

๐Ÿ”ญ Whatโ€™s Next?

If I had a bit more time (and coffee โ˜•๏ธ), Iโ€™d love to add:

  • ๐Ÿ“Š Link analytics (who tried to access, from where, and when)
  • ๐Ÿ”— Custom link slugs
  • ๐Ÿ›‘ Expiration dates and temporary permissions
  • ๐Ÿ›ก๏ธ A little animated security shield mascot for the UI (seriously)

Got more ideas? Drop them in the repo โ€” would love to hear what you'd build on top of it!

๐Ÿง  Final Thoughts

This was a super fun project to build โ€” mixing backend security, frontend UX, and dynamic permissions management into a simple tool that actually solves a day-to-day problem for orgs.

Big thanks to the Permit.io and Dev.to teams for the challenge. I had a blast, and Iโ€™m already thinking about new features I could sneak into shortio next.

Secure links, smart permissions, and a smooth experience โ€” every time.

Letโ€™s keep building cool, secure stuff together ๐Ÿš€๐Ÿ›ก๏ธ