Whenever I'm doing a project and have to transfer a video between two devices, I typically use Google Drive, but it takes too long. So I thought it would be fun to make a project that makes it easy and fast to transfer files online.
What it does
Log onto the website into the same room, and upload any type, amount, and size of files. Then watch the progress bar move to completion as the files are uploaded to secure S3 buckets. People in the same room receive real time updates when files are uploaded, and they are then able to download the files.
You are also able to use SMS, WhatsApp, or mail to send the files (done through Twilio) with a URL to the room and links for downloads. Currently, they only work for authenticated users on my Twilio account, but once I move to the production versions it will work for everyone (for example, I was using the sandbox WhatsApp version, though the messages are still sent to my phone number).
How we built it
Files are uploaded to an S3 bucket with the room name as the prefix, and people in the same room are then able to download the files. Mail, SMS, and WhatsApp are done through Twilio. Authentication is done through Amazon Cognito, and real-time updates for two authenticated users are done through a websocket connection through AWS MQTT.
There's also a lot of authentication. Everyone starts as an unauthenticated user (and only unauthenticated users can make API requests). Also, all API requests have a password parameter so that password-protected rooms can't be hacked into (you need to get the password correct to make an API request from a room with a password). Also, presigned URLs are used whenever objects are uploaded or downloaded, which was a lot of work to create. Essentially, the S3 bucket which stores all the files has blocked all public access, and only the Lambda backend which stores Node.js code can access it. Whenever you upload a file, a request is sent to the Lambda to generate an uploading presigned URL, which you then make a POST request to so you can upload the file. For downloading a file, the process is similar: you get a presigned URL for getting that file from the Lambda, and use that to download the file. A presigned URL is generated for every single file and has an expiration date, making them very secure.
Additionally, to reduce storage costs, files and passwords for rooms are all automatically deleted after 24 hours.
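The download path described above, as an added Node.js example that is not the project's own code: check the room password, confine the object key to the room prefix, then build a SigV4 presigned GET with a short expiry. The `downloadUrl` handler, the `rooms` Map, the `host` value and the 300-second lifetime are assumptions, and the signing is done by hand only so the block runs offline; a deployed Lambda would normally use the AWS SDK's presigner.

```javascript
const nodeCrypto = require("node:crypto");

const hmac = (key, msg) => nodeCrypto.createHmac("sha256", key).update(msg).digest();
const sha256 = (msg) => nodeCrypto.createHash("sha256").update(msg).digest();
// SigV4 needs RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// SigV4 query-string presigning of an S3 GET; only the host header is signed.
function presignGet({ host, key, region, accessKeyId, secretAccessKey, expires, now }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20130524T000000Z
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const path = "/" + key.split("/").map(enc).join("/");
  const query = [ // listed in the sorted order the canonical request requires
    ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
    ["X-Amz-Credential", `${accessKeyId}/${scope}`],
    ["X-Amz-Date", amzDate],
    ["X-Amz-Expires", String(expires)], // lifetime of the URL in seconds
    ["X-Amz-SignedHeaders", "host"],
  ].map(([k, v]) => `${k}=${enc(v)}`).join("&");
  const canonical = ["GET", path, query, `host:${host}`, "", "host", "UNSIGNED-PAYLOAD"].join("\n");
  const toSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256(canonical).toString("hex")].join("\n");
  // Signing key: HMAC chain over date, region, service and the fixed terminator.
  const signingKey = scope.split("/").reduce((k, part) => hmac(k, part), "AWS4" + secretAccessKey);
  return `https://${host}${path}?${query}&X-Amz-Signature=${hmac(signingKey, toSign).toString("hex")}`;
}

// Hashing both sides gives equal-length buffers for the constant-time compare.
const samePassword = (a, b) => typeof a === "string" &&
  nodeCrypto.timingSafeEqual(sha256(a), sha256(String(b)));

// Hypothetical download handler. `rooms` is a Map (room name -> { password }), so a
// name such as "__proto__" cannot resolve to an inherited object.
function downloadUrl({ room, password, file }, rooms, cfg, now = new Date()) {
  const entry = rooms.get(room);
  if (!entry || (entry.password != null && !samePassword(password, entry.password)))
    throw new Error("forbidden");
  // One path segment only, so the key cannot leave the room's prefix.
  if (typeof file !== "string" || !/^[^\/\\]+$/.test(file) || file === "." || file === "..")
    throw new Error("bad file name");
  return presignGet({ ...cfg, key: `${room}/${file}`, expires: 300, now });
}
```

Because the room and file name are validated before signing, a caller who knows one room's password cannot obtain a URL for an object under another room's prefix.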
Challenges we ran into
It was challenging to generate the backend for security, so I had to look at a lot of AWS documentation to do so. Additionally, there were several problems when I was trying to implement Cognito, so I kept deleting and reinstalling Cognito libraries. While I was doing that, I accidentally deleted the whole backend (I was using AWS Amplify to generate the backend, and I ran Amplify delete, which deletes all backend resources and code permanently). So, I then had to code and configure the backend all over again, which was definitely very frustrating. Luckily, the process was a little faster since I had coded it before and remembered the basic structure.
Accomplishments that we're proud of
It was my first time using Twilio, and it was very fun to code :). Doing Twilio Quest really inspired me and I felt very accomplished when implementing it into the website.
What we learned
I learned how to use the Twilio APIs and how to generate presigned URLs for extra security.
What's next for Transfil - transfer files online
I have a lot of plans for the future, since I hope this website gets spread a lot in the future (that's why I bought a domain name). Here are some things to do:
- Implement more tiers, with unauthenticated users able to upload and download files, authenticated users able to see real-time updates and set passwords, and authenticated users who pay 5 dollars able to send emails, SMS, and WhatsApp messages with the files.
- For every 5 dollars the website makes, I will donate money to plant one tree (I took inspiration from TwilioQuest's tree planting missions)
- Get more money from ads, which I will put all over the website for those who did not pay the 5 dollars for the highest tier
- Form validation for logging in and sending emails, SMS, and WhatsApp messages
- Going to the production versions of the sending mechanisms so anyone can use them