I’ve been working on a small side project to experiment with secure file sharing and approval workflows, and wanted to share the technical approach and get feedback from other developers.
So I built a small client sign-off / approval tool.
Core features
- File upload (images, PDFs)
- Public approval links (no authentication)
- Explicit approval / change-request state
- Simple audit trail of actions
Technical overview
- Frontend: React + TypeScript
- Backend: Node.js (Express)
- Database: PostgreSQL (via Prisma)
- Storage: Object storage with pre-signed URLs (no file proxying through the server)
- Auth model: Token-based public links instead of user accounts
Design decisions
- No sign-up / no user auth: approval links are scoped via unique tokens to reduce friction
- Pre-signed uploads: keeps the backend stateless and avoids large file handling
- Minimal domain model: Project → File → Approval log
- Explicit states: PENDING / APPROVED / CHANGES_REQUESTED
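One way the token-scoped approval links and explicit states above could be handled on the Node.js backend, as an added example that is not the project's own code. All function names, the in-memory `Map` standing in for the PostgreSQL table, and the expiry field are assumptions made for illustration.

```javascript
// Added example: in-memory stand-in for the Project -> File -> Approval log model.
// Every name here is hypothetical; a real deployment would use the database.
const crypto = require("node:crypto");

const links = new Map(); // tokenHash (hex) -> { fileId, state, expiresAt }
const auditLog = [];     // append-only record of actions

const hashToken = (token) =>
  crypto.createHash("sha256").update(token).digest("hex");

// Issue a link token: 256 bits from the CSPRNG. Only its hash is stored, so a
// leaked database row cannot be replayed as a working approval link.
function issueLink(fileId, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("base64url");
  links.set(hashToken(token), { fileId, state: "PENDING", expiresAt: now + ttlMs });
  return token; // returned once, to be embedded in the public URL
}

// Resolve a presented token to its link record, or null.
function resolveLink(token, now = Date.now()) {
  // 32 random bytes encode to 43 base64url characters (no padding).
  if (typeof token !== "string" || token.length !== 43) return null;
  const link = links.get(hashToken(token));
  // Unknown and expired tokens get the same answer, so responses do not
  // reveal whether a token ever existed.
  if (!link || now >= link.expiresAt) return null;
  return link;
}

// Apply a decision. Only PENDING -> APPROVED | CHANGES_REQUESTED is allowed,
// and only once; every accepted transition is appended to the audit log.
function decide(token, decision, now = Date.now()) {
  const link = resolveLink(token, now);
  if (!link) return { ok: false, error: "invalid_or_expired" };
  if (!["APPROVED", "CHANGES_REQUESTED"].includes(decision)) {
    return { ok: false, error: "bad_decision" };
  }
  if (link.state !== "PENDING") return { ok: false, error: "already_decided" };
  link.state = decision;
  auditLog.push({ fileId: link.fileId, action: decision, at: now });
  return { ok: true, state: link.state };
}
```

Because the token is the only credential, anyone who obtains the URL can act on it; expiry and the single-use state transition limit how long and how often that is possible.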
Current status
- Beta
- Focused on correctness, simplicity, and clean APIs
I’d love feedback on:
- Architecture choices
- Security implications of public token links
- What you’d improve or redesign at this stage
Here is the link: https://signoff-one.vercel.app/