Skip to main content

Website Dashboard & URL Shortener

· 3 min read
PSEC
PSEC
Architecture Team
SAIYU
SAIYU
Construction Team

The internal Website dashboard now lives behind a sign-in, and a new URL Shortener has been added alongside it. Both share the same login — one 4-digit code, two pages, no separate accounts.

What changed

/website — now gated by email + PIN

The shared-account directory (the page that lists corporate logins, default credentials, etc.) used to live on the homepage with a thin password gate. It has moved to /website and is now protected by the same allow-list + PIN flow we use for other internal tools.

If your work email is on the allow-list (@psecprojects.com.au or @saiyu.com.au are accepted by default), you can sign in. Anyone else gets a silent no-op — no error, no enumeration.

/url-shortener — new

A new internal short-link tool at /url-shortener. Built specifically for distributing drawings to consultants and trades:

  • Auto-generates short URLs at /s/<code> on the same domain.
  • Records who created the link, click count, optional expiry, project code, reason for issue, and address.
  • Auto-titles every link as YYYYMMDD-PROJECT-REASON in Sydney time (e.g. 20260429-K1-DA) — no manual naming.
  • Default history view shows the last 14 days; the search box pulls from the full history.

Full reference: URL Shortener docs →

How to sign in

Both pages use the same flow:

  1. Open /website or /url-shortener.
  2. Enter your work email. A 4-digit code arrives by email within seconds (codes expire in 10 minutes).
  3. Enter the code. You're signed in for 8 hours.

One sign-in covers both pages. The session token is shared, so once you've signed in on /website you can navigate straight to /url-shortener without entering the code again, and vice versa.

If you don't receive the code:

  • Double-check the email address — typos silently no-op to prevent guessing.
  • Check spam (sender is [email protected]).
  • Ask GZ to confirm you're on the allow-list.

Why the change

The old homepage password gate shipped credentials to every browser that loaded the page — a long-standing concern. The new flow keeps every credential on the server and only releases dashboard data after a verified sign-in. Adding the URL shortener was a chance to reuse the same auth instead of building a parallel one.

Feedback

If something's broken, missing, or surprising — short codes that don't work, links that should appear in history but don't, sign-in loops, anything — reach out. Early days for the shortener especially.

GZ.