SecureScan SecureScan is a privacy-focused web tool that converts text and images into QR codes with a strict 120-second expiration, using Supabase's cryptographic Pre-Signed URLs for access control and a Node.js cron job to automatically delete expired files from storage. The application evolved from a simple client-side QR generator into a self-cleaning ephemeral storage engine, with GitHub Copilot accelerating backend development by generating boilerplate code for API integration, database schemas, and scheduling. This is a submission for the GitHub Finish-Up-A-Thon Challenge SecureScan is a privacy-first web utility that bridges the gap between physical sharing and ephemeral digital storage. At its core, the application converts standard text into secure QR codes. The latest major feature addition is the Ephemeral Image Vault. Instead of relying on permanent cloud hosting for sensitive images, SecureScan allows users to upload an image and generates a QR code linked to that specific file with a strict, mathematically enforced 120-second lifespan. The Architecture: expiresIn: 120 . This URL is encoded into the generated QR code. Once 120 seconds pass, cloud-provider authentication mathematically invalidates the link—blocking access completely. To prevent storage bloat, a Node.js cron job runs every 5 minutes in the background, querying MongoDB for expired timestamps and batch-deleting the dead files from the Supabase bucket. Note: Consider adding a GIF or video walkthrough of the 120-second expiration in action right here SecureScan initially started as a straightforward client-side utility: converting simple text strings into QR codes. It functioned well, but it was static and lacked a complex backend challenge. The turning point was tackling the problem of secure, temporary file sharing. I wanted to allow image uploads, but I refused to build a system where user images sit on a server forever, consuming storage and posing a privacy risk. The technical hurdle was enforcing a strict expiration. My initial thought was to use a basic setTimeout deletion script, but analyzing that logically revealed it was prone to server lag and race conditions. The "comeback" was entirely re-architecting the feature into a two-layer system: relying on Supabase's cryptographic Pre-Signed URLs for exact, to-the-second access control, while offloading the actual file deletion to an asynchronous MongoDB/Node-cron garbage collection cycle. It transformed a basic QR generator into a highly efficient, self-cleaning ephemeral storage engine. GitHub Copilot was a massive accelerant during the backend re-architecture, specifically when bridging the different APIs. Instead of constantly context-switching to read the Supabase Storage SDK documentation, Copilot accurately generated the boilerplate for uploading the buffer and creating the Pre-Signed URL with the exact expiration parameters. It also handled the tedious syntax of setting up the node-cron scheduling syntax and scaffolding the Mongoose schema for the EphemeralImage database models. This allowed me to focus strictly on the system design and the logic of the two-layer access control, rather than hunting down typos in the database queries.