Dass167 Link Review
<a href="https://dass.io/l/Ab9XzK1"
style="display:inline-block;padding:8px 12px;background:#0052CC;color:#fff;
text-decoration:none;border-radius:4px;font-family:sans-serif;">
View the Report
</a>
<!-- Plain‑text fallback -->
https://dass.io/l/Ab9XzK1
| # | Requirement | Description |
|---|-------------|-------------|
| FR‑1 | Link Generation API | POST /api/v2/links receives targetUrl, assetId?, expiry?, allowedRoles[] and returns linkId, shortUrl, expiresAt. |
| FR‑2 | Short‑URL Engine | Generates a 7‑character alphanumeric slug (e.g., https://dass.io/l/Ab9XzK1). Collisions resolved via retry up to 5 attempts. |
| FR‑3 | Access Control | When a user clicks a short URL, the system checks the current session’s role(s) against allowedRoles. If the user lacks permission, they are redirected to a permission‑denied page with a request‑access CTA. |
| FR‑4 | Expiry / Revocation | Links can be set to expire at a specific datetime or revoked manually via DELETE /api/v2/links/{linkId}. Expired/revoked links show a “Link No Longer Valid” page. |
| FR‑5 | Analytics Capture | On each click record: linkId, timestamp, userId, userRole, IP, user‑agent, referrer. Data is stored in a read‑optimized analytics DB (e.g., ClickHouse). |
| FR‑6 | Branding & UI | The link renders as a button or inline text based on a displayStyle flag (button\|inline). Branding uses the global primary colour, hover effect, and accessible contrast (≥ 4.5:1). |
| FR‑7 | Internationalisation | Text for the button/tooltip is pulled from i18n files (en, de, fr, es, …). Default fallback = English. |
| FR‑8 | Email‑Safe Rendering | When used inside an HTML email, the component must render a fully‑qualified `<a>` with inline styles (no external CSS) and include a fallback plain‑text URL. |
| FR‑9 | Error Handling | If the target URL is malformed, the API returns 400 Bad Request. If the user is unauthenticated, return 401. If they lack permission, return 403. |
| FR‑10 | Auditing | All create, update, delete actions on a link are written to an immutable audit log (audit_links) with action, actorId, timestamp, payloadHash. |
| FR‑11 | Rate Limiting | API endpoints are limited to 100 req/min per consumer key; exceeding returns 429 Too Many Requests. |
| FR‑12 | Monitoring & Alerts | Metrics: link_creation_success, link_click_rate, link_revocation_rate. Alert on spikes (> 5 σ) or 0% click‑through for newly created links after 48 h. |

| Scenario | Title | Message | CTA |
|----------|-------|---------|-----|
| Unauthorized | Permission Denied | “You do not have access to this resource.” | “Request Access” (opens ticket form) |
| Expired / Revoked | Link No Longer Valid | “This link has expired or been revoked.” | “Contact Owner” (mailto) |
| Not Found | Invalid Link | “The link you followed does not exist.” | “Return to Home” |

All error pages respect the global layout and include a breadcrumb back to the dashboard.

```yaml
openapi: 3.1.0
info:
  title: DASS‑167 Link Service
  version: 2.5.0
paths:
  /api/v2/links:
    post:
      summary: Create a new short link
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LinkCreateRequest'
      responses:
        '201':
          description: Link created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LinkCreateResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/TooManyRequests'
  /l/{slug}:
    get:
      summary: Resolve a short link and redirect
      parameters:
        - name: slug
          in: path
          required: true
          schema:
            type: string
            pattern: '^[A-Za-z0-9]{7}$'
      responses:
        '302':
          description: Redirect to target URL
        '403':
          description: Permission denied (redirect to error page)
        '410':
          description: Link expired or revoked
        '404':
          description: Not found
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
  # Minimal definitions for the responses referenced above
  # (descriptions follow FR-9 and FR-11).
  responses:
    BadRequest:
      description: Bad Request (malformed target URL)
    Unauthorized:
      description: User is unauthenticated
    TooManyRequests:
      description: Too Many Requests (rate limit exceeded)
  schemas:
    LinkCreateRequest:
      type: object
      required: [targetUrl]
      properties:
        targetUrl:
          type: string
          format: uri
          description: Full URL of the asset (internal or external)
        assetId:
          type: string
          description: Optional internal asset identifier for audit linkage
        expiry:
          type: string
          format: date-time
          description: ISO‑8601 timestamp when link becomes invalid
        allowedRoles:
          type: array
          items:
            type: string
          description: List of role identifiers allowed to use the link
        displayStyle:
          type: string
          enum: [button, inline]
          default: inline
        i18nKey:
          type: string
          description: Translation key for button/tooltip text
    LinkCreateResponse:
      type: object
      properties:
        linkId:
          type: string
          description: Internal UUID of the link
        shortUrl:
          type: string
          format: uri
        expiresAt:
          # OpenAPI 3.1 expresses nullability through the type array
          type: [string, 'null']
          format: date-time
```
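
The click-time checks from FR‑3 and FR‑4, mapped to the resolve endpoint's status codes, as an added Python example that is not part of the original page or the service's own code. The `Link` record, the in-memory `STORE`, the order of the checks and the fail-closed handling of an empty `allowedRoles` are assumptions the page does not specify.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

SLUG_RE = re.compile(r"[A-Za-z0-9]{7}")  # FR-2: 7-character alphanumeric slug


@dataclass(frozen=True)
class Link:  # hypothetical record; field names follow the page's API
    target_url: str
    allowed_roles: frozenset
    expires_at: Optional[datetime] = None
    revoked: bool = False


def resolve(slug, store, session_roles, now=None):
    """Return (status, location) for a click on a short link."""
    now = now or datetime.now(timezone.utc)
    # fullmatch, not match() with '$': '$' would also accept "Ab9XzK1\n".
    if not isinstance(slug, str) or not SLUG_RE.fullmatch(slug):
        return 404, None
    link = store.get(slug)
    if link is None:
        return 404, None
    # FR-4: revoked or expired links are gone, whoever is asking.
    if link.revoked or (link.expires_at is not None and now >= link.expires_at):
        return 410, None
    # FR-3: at least one session role must appear in allowedRoles.
    # Assumption: an empty allowedRoles set grants nobody (fail closed).
    if not link.allowed_roles & frozenset(session_roles):
        return 403, None
    return 302, link.target_url


# Constructed sample data, not taken from a real deployment.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
STORE = {
    "Ab9XzK1": Link("https://example.com/report", frozenset({"analyst"})),
    "Exp1red": Link("https://example.com/old", frozenset({"analyst"}),
                    expires_at=datetime(2023, 12, 31, tzinfo=timezone.utc)),
    "Rev0ked": Link("https://example.com/x", frozenset({"analyst"}), revoked=True),
    "NoRoles": Link("https://example.com/y", frozenset()),
}
```

Passing `now` explicitly keeps the expiry check deterministic in tests; timestamps are compared as timezone-aware UTC values.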
