FolderSync + AWS S3: Private Android Photo Backup

What
Goal: Back up Android photos/media privately to AWS S3 using FolderSync (Android).
Scope: One S3 bucket, one IAM user, FolderSync account (S3-compatible), one folder pair (2‑way sync).
Prerequisite: AWS account ready.
Why
Own your data: No Big Tech gallery lock-in.
Reliability: S3 durability + Intelligent‑Tiering for cost control.
Simplicity: No self‑hosted NAS, static IP, RAID, or server maintenance.
How
Step 1 — Create S3 bucket (Region: us‑east‑1 recommended)
Name: your choice (e.g., mobile-device-bkp).
Region: us-east-1 (often lowest cost; change if you need locality).
Block Public Access: ON (keep the bucket private).
Versioning: optional but recommended for safety.
Storage class: add a lifecycle rule to transition objects to Intelligent‑Tiering immediately.
Step 2 — Create IAM policy (access only this bucket) ...

October 12, 2025 · 2 min · 339 words · Me

Security Setup in Spring Boot: CORS, JWT, and API Tiers

What
CORS blocks non-whitelisted origins in AppSecurityConfig.
JWT is validated for protected endpoints in JwtAuthenticationFilter using AuthenticationManagerJWT.
API tiers restrict access even with a valid token; higher tiers unlock more endpoints.
Flow (request lifecycle):
Incoming request → CORS applied → non-whitelisted origins blocked.
Public/No-Auth endpoints bypass JWT checks.
Protected endpoints → JWT extracted and validated.
Tier authorization matched against requested API tier.
On success, controller executes; on failure, error is routed to global handler.
Why
Prevent misuse from unwanted domains via strict CORS.
Reject bad tokens: expired, blocked, reused/refresh-misuse.
Enforce progression: open → tier 4 → tier 3 → tier 2 → tier 1 as business rules demand.
How
CORS configuration (AppSecurityConfig.corsConfigurationSource()):
    @Bean
    fun corsConfigurationSource(): CorsConfigurationSource {
        val configuration = CorsConfiguration()
        configuration.allowedOrigins = listOf(
            "http://localhost:3000",
            "https://yourdomain.com"
        )
        configuration.allowedMethods = listOf("GET","POST","PUT","DELETE","OPTIONS","PATCH")
        configuration.allowedHeaders = listOf(
            "Authorization","Content-Type","X-Requested-With","Accept","Origin",
            KeywordsAndConstants.HEADER_TRACKING_ID,
            KeywordsAndConstants.HEADER_API_KEY,
            KeywordsAndConstants.HEADER_OTP,
            KeywordsAndConstants.HEADER_AUTH_TOKEN
        )
        configuration.allowCredentials = true
        configuration.exposedHeaders = listOf(
            KeywordsAndConstants.HEADER_TRACKING_ID,
            KeywordsAndConstants.HEADER_API_TIER
        )
        val source = UrlBasedCorsConfigurationSource()
        source.registerCorsConfiguration("/**", configuration)
        return source
    }
Explanation: ...

September 18, 2025 · 3 min · 524 words · Me

Expense Tracker (Part 5/5): Frontend

Series links: Part 1/5 – Introduction | Part 2/5 – Database Planning | Part 3/5 – AWS Setup | Part 4/5 – Backend APIs | Part 5/5 – Frontend (you are here)
What
A small, fast web app that helps you add transactions with bills and later search/export them.
Why
Quick to use on phone or laptop.
No heavy frameworks needed; it’s plain HTML/CSS/JS so you can host it anywhere.
How
Get the code
Frontend source: https://github.com/sagarnayak/expense-tracking-public
Pages you’ll see ...

August 11, 2025 · 2 min · 275 words · Me

Expense Tracker (Part 4/5): Backend APIs

Series links: Part 1/5 – Introduction | Part 2/5 – Database Planning | Part 3/5 – AWS Setup | Part 4/5 – Backend APIs (you are here) | Part 5/5 – Frontend
What
A tiny set of APIs to save entries with files, search them, get suggestions, and export CSV.
Why
Clear, stable contracts make the frontend simple.
You can implement these endpoints in any backend framework.
How
Use your own domain names. The example hostnames below are placeholders. ...

July 19, 2025 · 2 min · 313 words · Me

Expense Tracker (Part 3/5): AWS Setup

Series links: Part 1/5 – Introduction | Part 2/5 – Database Planning | Part 3/5 – AWS Setup (you are here) | Part 4/5 – Backend APIs | Part 5/5 – Frontend
What
A light AWS setup to hold two things: your files (bills) and your data (transactions).
Why
S3 is reliable and affordable for documents/photos.
RDS PostgreSQL gives you a managed database without running servers.
How
S3 bucket for web hosting (public read)
Create a bucket for the static site (e.g., my-expenses-web).
Make it public-read so the HTML/CSS/JS can be fetched by browsers.
Optionally use CloudFront in front; with OAC you can keep the bucket private and still serve publicly via the CDN.
Alternative hosts: Netlify, Vercel, or any simple web server.
S3 bucket for documents (private) ...

June 6, 2025 · 2 min · 332 words · Me