This is a submission for the Permit.io Authorization Challenge: Permissions Redefined
Hey everyone! π
Super excited to share Short.io, my submission for the Permit.io Hackathon π
Short.io is a smart, secure, permission-aware link shortener made for organizations that take access control seriously⦠but still want their apps to feel clean, simple, and easy to use.
π¦ Source Code: GitHub Repository
π‘ The Idea
I kept running into the same issue:
Internal tools often rely on sharing URLs for resources, but those links donβt know who should (or shouldnβt) be clicking them.
So I built shortio β a URL shortener that bakes permission checks into every link it creates. Itβs built for multi-tenant orgs where you need fine-grained control over who can view, create, or manage resources, and it uses Permit.io to manage dynamic, role-based access in real time.
Think of it as a tiny security guard π‘οΈ at the door of every link you share.
π οΈ How It Works
Whenever someone tries to access a shortio link:
- β If theyβre logged in and have the right permissions β seamless redirect to the resource.
- π« If not β theyβll land on a clean, friendly page rendered via Qute templates inviting them to log in or sign up.
- π Access is decided based on their organization membership and role, all enforced by Permit.io behind the scenes.
Admins and owners can create links and decide who gets access β whether itβs a whole org, specific roles, or individual users.
β¨ Why This Is Cool (and Useful)
shortio isnβt your average URL shortener:
- π‘οΈ Every link knows who should click it
- ποΈ Fully multi-tenant, with clear org boundaries
- π Fine-grained, real-time permission checks via Permit.io
- π₯οΈ Clean, no-fuss UX rendered server-side with Qute
- π’ Built for internal tooling, dashboards, and resource management
Whether youβre:
- An engineer working on internal tools
- A security-conscious team sharing sensitive resources
- Or just someone who loves links that behave themselves
β¦shortioβs here to keep your links smart, secure, and well-behaved.
π Tech Stack
- βοΈ Backend & Frontend: Quarkus (Java 21) + Qute Templates
- π¦ Database: MongoDB + Panache
- π‘οΈ Authorization: Permit.io SDK
π Whatβs Next?
If I had a bit more time (and coffee βοΈ), Iβd love to add:
- π Link analytics (who tried to access, from where, and when)
- π Custom link slugs
- π Expiration dates and temporary permissions
- π‘οΈ A little animated security shield mascot for the UI (seriously)
Got more ideas? Drop them in the repo β would love to hear what you'd build on top of it!
π§ Final Thoughts
This was a super fun project to build β mixing backend security, clean server-side pages, and dynamic permissions management into a simple tool that actually solves a day-to-day problem for orgs.
Big thanks to the Permit.io and Dev.to teams for the challenge. I had a blast, and Iβm already thinking about new features I could sneak into shortio next.
Secure links, smart permissions, and a smooth experience β every time.
Letβs keep building cool, secure stuff together ππ‘οΈ
Top comments (0)