Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Andr21Da16/Quikko/llms.txt

Use this file to discover all available pages before exploring further.

Quikko’s Go backend loads all configuration from environment variables at startup. Copy server/.env.example to server/.env for local development. In production, set variables in your hosting environment — no .env file is required.
server/.env.example
# Server
PORT=8080
ENV=development
# Base pública usada para construir el shortUrl devuelto al cliente
BASE_URL=http://localhost:8080
# Base del frontend Next.js. El redirect (GET /:code) manda ahí los errores de negocio
# (link inexistente/inactivo) para mostrar páginas con marca en vez de JSON crudo.
FRONTEND_URL=http://localhost:3000
# CORS: orígenes permitidos del frontend, separados por coma. NUNCA usar "*"
# (incompatible con credentials/cookies si se habilitan en el futuro).
ALLOWED_ORIGINS=http://localhost:3000

# Mongo
MONGO_URI=mongodb://localhost:27017
MONGO_DB_NAME=url_shortener

# Redis
REDIS_ADDR=localhost:6379
REDIS_PASSWORD=
REDIS_DB=0

# InfluxDB
# El token debe coincidir con DOCKER_INFLUXDB_INIT_ADMIN_TOKEN de docker-compose.yml
INFLUX_URL=http://localhost:8086
INFLUX_TOKEN=dev-influx-token-change-me
INFLUX_ORG=url-shortener
INFLUX_BUCKET=clicks

# JWT
JWT_SECRET=cambia-esto-por-un-secreto-largo-y-aleatorio
JWT_ACCESS_TOKEN_TTL=15m
JWT_REFRESH_TOKEN_TTL=7d

# GeoIP (Agent 31): el país de cada clic se resuelve vía el servicio externo
# https://ipapi.co (sin API key) y se cachea en Redis 48h. Timeout de cada llamada
# HTTP externa, en segundos (acota la goroutine async del redirect; default 8).
GEOIP_HTTP_TIMEOUT_SECONDS=8

# Rate limiting
RATE_LIMIT_REDIRECT_PER_SEC=100
RATE_LIMIT_CREATE_PER_MIN=20
# Intentos de REGISTRO permitidos por IP por minuto (anti brute-force)
AUTH_RATE_LIMIT_PER_MIN=5
# Intentos de LOGIN permitidos por IP por minuto. Contador propio (separado del de
# registro) porque login es el endpoint más sensible a fuerza bruta de contraseñas.
RATE_LIMIT_LOGIN_PER_MIN=5

# Planes
# Máximo de URLs activas simultáneas para el plan Free (Pro no tiene límite)
FREE_PLAN_MAX_ACTIVE_URLS=5
MONGO_URI and JWT_SECRET are formally required — the server exits at startup if either is missing or empty. INFLUX_TOKEN is not checked at startup but analytics writes will fail silently without a valid token; always set it in any environment where click tracking is needed.

Server

PORT
string
default:"8080"
HTTP port the Go server listens on.
ENV
string
default:"development"
Runtime environment. Accepted values: development or production. Controls logging format and behavior — use production for all deployed environments.
BASE_URL
string
default:"http://localhost:8080"
Public base URL used to build the short URLs returned to clients. In production this should be your short-link domain, e.g. https://sho.rt.
FRONTEND_URL
string
default:"http://localhost:3000"
Next.js frontend URL. When a redirect fails (link not found or inactive), the backend redirects to this URL instead of returning raw JSON, so users see a branded error page.
ALLOWED_ORIGINS
string
default:"http://localhost:3000"
Comma-separated CORS allowlist. Specify explicit origins — never use *. Example: https://app.yourdomain.com or https://app.yourdomain.com,https://www.yourdomain.com.

MongoDB

MONGO_URI
string
required
MongoDB connection string. Required — the server will not start without this value. Example: mongodb+srv://user:pass@cluster.mongodb.net for MongoDB Atlas or mongodb://localhost:27017 for a local instance.
MONGO_DB_NAME
string
default:"url_shortener"
Name of the MongoDB database Quikko will use for users and URLs.

Redis

REDIS_ADDR
string
default:"localhost:6379"
Redis server address in host:port format. Redis is used as the redirect cache and for all rate-limiting counters.
REDIS_PASSWORD
string
default:""
Redis authentication password. Leave empty when Redis requires no authentication (the default for local development).
REDIS_DB
integer
default:"0"
Redis logical database index (0–15). Useful for isolating Quikko data when the Redis instance is shared with other applications.

InfluxDB

INFLUX_URL
string
default:"http://localhost:8086"
InfluxDB 2.x instance URL. Used to write and query time-series click event data that powers the analytics dashboard.
INFLUX_TOKEN
string
InfluxDB API token. Not enforced at startup, but analytics writes will fail without a valid token — always set this in any environment where click tracking is needed. Must match the token configured during InfluxDB initialisation. In the Docker Compose setup this corresponds to DOCKER_INFLUXDB_INIT_ADMIN_TOKEN.
INFLUX_ORG
string
default:"url-shortener"
InfluxDB organization name. Must match the organisation created during InfluxDB initialisation.
INFLUX_BUCKET
string
default:"clicks"
InfluxDB bucket where click events are stored. Each redirect writes an asynchronous data point to this bucket.

JWT

JWT_SECRET
string
required
Secret key used to sign and verify JSON Web Tokens. Required — use a long, random string in production (see tip below). Never reuse this value across environments.
JWT_ACCESS_TOKEN_TTL
duration
default:"15m"
Lifetime of short-lived access tokens. Accepts duration strings suffixed with s, m, h, or d (e.g. 30s, 15m, 1h, 1d). The d suffix for days is handled by a custom parser — it is not a standard Go duration unit.
JWT_REFRESH_TOKEN_TTL
duration
default:"7d"
Lifetime of long-lived refresh tokens. Accepts the same duration strings as JWT_ACCESS_TOKEN_TTL — including the d suffix for days (e.g. 7d, 30d).

GeoIP

GEOIP_HTTP_TIMEOUT_SECONDS
integer
default:"8"
Timeout in seconds for outbound GeoIP lookups made to ipapi.co. Each lookup runs asynchronously in a goroutine during a redirect so it never blocks the response. Results are cached in Redis for 48 hours. Reduce this value on high-latency networks.

Rate Limiting

RATE_LIMIT_REDIRECT_PER_SEC
integer
default:"100"
Maximum number of redirect requests (GET /:code) allowed per second per IP address. Protects the most frequently called endpoint against abuse.
RATE_LIMIT_CREATE_PER_MIN
integer
default:"20"
Maximum number of URL creation requests allowed per minute per authenticated user.
AUTH_RATE_LIMIT_PER_MIN
integer
default:"5"
Maximum number of registration attempts allowed per minute per IP address. Guards against automated account creation.
RATE_LIMIT_LOGIN_PER_MIN
integer
default:"5"
Maximum number of login attempts allowed per minute per IP address. This counter is intentionally separate from the registration counter because the login endpoint is the most sensitive to password brute-force attacks.

Plans

FREE_PLAN_MAX_ACTIVE_URLS
integer
default:"5"
Maximum number of simultaneously active short URLs allowed for Free plan users. Pro plan users have no limit. Increase or decrease this value to adjust your platform’s free tier without redeploying.
Generate a strong JWT_SECRET for production with a single command:
openssl rand -hex 32
Store the output in your hosting environment’s secrets manager and never commit it to source control.

Build docs developers (and LLMs) love