Join Evan Johnson as he speaks with security professionals about recent security news!
All right and welcome to this week's Hacker Time. I'm your host Evan Johnson from Cloudflare's product security team and this week we're continuing where we left off on the number one security show anywhere but definitely on Cloudflare TV number one security show and we're going to pick up where we left off and keep working on this Cloudflare worker.
We're building a URL shortener and I was opining some of my sage wisdom about building very vulnerable URL shorteners in the past which I'll try to keep sprinkling in there and this is a programming blitz so we better get started.
We've got 29 minutes 12 seconds and I want this thing done. Let's ship an MVP and so I'm just going to hop right into it.
First let us connect to our tmux session right where we left off and just like that we're going to be off to the races.
So we're using Wrangler. Okay I'm not in caps. My thing's broken with my tmux config but that's okay.
It's workable. We're using Wrangler and that is how we are shipping our software.
We're running Wrangler publish to take our software, batch it up, package it up and run it on Cloudflare's edge as a Cloudflare worker.
So let's take a look at the code and I'll walk you through where we're at really quickly.
So it starts with the regular worker event listener. This is something that you'll see in just about every single worker and then all of our handling of what's actually happening is right here.
So when a request comes in, if it's a post request, we are making sure that a url was submitted.
Then we are going to add some light validation here and then we are saving that url as kind of a shortener.
We're going to generate some randomness still and then we're going to save the url that was submitted in workers .kb and then return a nice 200 with a smiley face.
Then when it's a get request, we're going to have to otherwise pull out the tag at the end of the url.
Try to read that from workers.kb and then issue a redirect.
So we've got the post logic, it's not perfect. We should try to get something working with just a single hard -coded url tag first and then get it with a randomly generated url tag so this thing can shorten multiple urls.
Then we'll add some error checking at the end and I think that will get us to the end.
That'll get us to mvp and then maybe we can spruce up some do some front-end engineering whip out some html and css.