Skip to content

example(cloudflare-worker-auth): use the real @alchemy.run/pr-package library #633

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Mkassabov wants to merge 1 commit into from
Closed

example(cloudflare-worker-auth): use the real @alchemy.run/pr-package library #633

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 21 additions & 20 deletions bun.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion distilled
Open in desktop
Submodule distilled updated 97 files
+13 −5 packages/cloudflare/scripts/generate.ts
+18 −12 packages/cloudflare/src/services/abuse-reports.ts
+103 −85 packages/cloudflare/src/services/accounts.ts
+36 −24 packages/cloudflare/src/services/acm.ts
+131 −113 packages/cloudflare/src/services/addressing.ts
+72 −62 packages/cloudflare/src/services/ai-gateway.ts
+18 −16 packages/cloudflare/src/services/ai-security.ts
+24 −16 packages/cloudflare/src/services/ai.ts
+74 −57 packages/cloudflare/src/services/aisearch.ts
+66 −56 packages/cloudflare/src/services/alerting.ts
+55 −37 packages/cloudflare/src/services/api-gateway.ts
+24 −18 packages/cloudflare/src/services/argo.ts
+6 −4 packages/cloudflare/src/services/bot-management.ts
+28 −22 packages/cloudflare/src/services/cache.ts
+18 −12 packages/cloudflare/src/services/calls.ts
+6 −4 packages/cloudflare/src/services/certificate-authorities.ts
+22 −18 packages/cloudflare/src/services/client-certificates.ts
+12 −10 packages/cloudflare/src/services/cloud-connector.ts
+6 −4 packages/cloudflare/src/services/cloudforce-one.ts
+24 −20 packages/cloudflare/src/services/connectivity.ts
+37 −28 packages/cloudflare/src/services/containers.ts
+18 −16 packages/cloudflare/src/services/content-scanning.ts
+27 −21 packages/cloudflare/src/services/custom-certificates.ts
+30 −20 packages/cloudflare/src/services/custom-hostnames.ts
+24 −20 packages/cloudflare/src/services/custom-nameservers.ts
+54 −36 packages/cloudflare/src/services/d1.ts
+42 −28 packages/cloudflare/src/services/ddos-protection.ts
+18 −12 packages/cloudflare/src/services/diagnostics.ts
+18 −12 packages/cloudflare/src/services/dns-firewall.ts
+71 −49 packages/cloudflare/src/services/dns.ts
+18 −12 packages/cloudflare/src/services/durable-objects.ts
+18 −12 packages/cloudflare/src/services/email-routing.ts
+48 −34 packages/cloudflare/src/services/email-security.ts
+18 −12 packages/cloudflare/src/services/email-sending.ts
+62 −53 packages/cloudflare/src/services/firewall.ts
+18 −18 packages/cloudflare/src/services/flagship.ts
+12 −8 packages/cloudflare/src/services/fraud.ts
+6 −4 packages/cloudflare/src/services/google-tag-gateway.ts
+18 −14 packages/cloudflare/src/services/healthchecks.ts
+18 −12 packages/cloudflare/src/services/hostnames.ts
+33 −26 packages/cloudflare/src/services/hyperdrive.ts
+36 −32 packages/cloudflare/src/services/iam.ts
+48 −35 packages/cloudflare/src/services/images.ts
+23 −19 packages/cloudflare/src/services/intel.ts
+18 −16 packages/cloudflare/src/services/keyless-certificates.ts
+58 −40 packages/cloudflare/src/services/kv.ts
+24 −16 packages/cloudflare/src/services/leaked-credential-checks.ts
+72 −62 packages/cloudflare/src/services/load-balancers.ts
+20 −17 packages/cloudflare/src/services/logpush.ts
+18 −14 packages/cloudflare/src/services/logs.ts
+30 −20 packages/cloudflare/src/services/magic-cloud-networking.ts
+48 −40 packages/cloudflare/src/services/magic-network-monitoring.ts
+66 −44 packages/cloudflare/src/services/magic-transit.ts
+6 −4 packages/cloudflare/src/services/managed-transforms.ts
+21 −19 packages/cloudflare/src/services/mtls-certificates.ts
+6 −4 packages/cloudflare/src/services/network-interconnects.ts
+12 −8 packages/cloudflare/src/services/organizations.ts
+30 −20 packages/cloudflare/src/services/origin-ca-certificates.ts
+18 −14 packages/cloudflare/src/services/origin-post-quantum-encryption.ts
+96 −85 packages/cloudflare/src/services/origin-tls-client-auth.ts
+12 −8 packages/cloudflare/src/services/page-rules.ts
+32 −28 packages/cloudflare/src/services/page-shield.ts
+42 −28 packages/cloudflare/src/services/pages.ts
+90 −68 packages/cloudflare/src/services/pipelines.ts
+112 −88 packages/cloudflare/src/services/queues.ts
+42 −28 packages/cloudflare/src/services/r2-data-catalog.ts
+98 −71 packages/cloudflare/src/services/r2.ts
+30 −20 packages/cloudflare/src/services/realtime-kit.ts
+25 −19 packages/cloudflare/src/services/registrar.ts
+24 −16 packages/cloudflare/src/services/resource-sharing.ts
+18 −12 packages/cloudflare/src/services/resource-tagging.ts
+18 −12 packages/cloudflare/src/services/rules.ts
+18 −15 packages/cloudflare/src/services/rulesets.ts
+30 −22 packages/cloudflare/src/services/rum.ts
+30 −20 packages/cloudflare/src/services/schema-validation.ts
+63 −59 packages/cloudflare/src/services/secrets-store.ts
+12 −10 packages/cloudflare/src/services/security-txt.ts
+32 −24 packages/cloudflare/src/services/snippets.ts
+18 −12 packages/cloudflare/src/services/spectrum.ts
+25 −24 packages/cloudflare/src/services/speed.ts
+19 −16 packages/cloudflare/src/services/ssl.ts
+42 −28 packages/cloudflare/src/services/stream.ts
+24 −16 packages/cloudflare/src/services/token-validation.ts
+12 −8 packages/cloudflare/src/services/turnstile.ts
+6 −4 packages/cloudflare/src/services/url-normalization.ts
+36 −28 packages/cloudflare/src/services/user.ts
+51 −38 packages/cloudflare/src/services/vectorize.ts
+30 −20 packages/cloudflare/src/services/vulnerability-scanner.ts
+18 −12 packages/cloudflare/src/services/waiting-rooms.ts
+24 −18 packages/cloudflare/src/services/web3.ts
+24 −16 packages/cloudflare/src/services/workers-for-platforms.ts
+149 −112 packages/cloudflare/src/services/workers.ts
+48 −32 packages/cloudflare/src/services/workflows.ts
+13 −9 packages/cloudflare/src/services/zaraz.ts
+271 −194 packages/cloudflare/src/services/zero-trust.ts
+66 −47 packages/cloudflare/src/services/zones.ts
+23 −6 packages/cloudflare/src/traits.ts
4 changes: 2 additions & 2 deletions examples/cloudflare-worker-auth/alchemy.run.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
import * as PrPackage from "@alchemy.run/pr-package";
import * as Alchemy from "alchemy";
import * as Cloudflare from "alchemy/Cloudflare";
import * as Output from "alchemy/Output";
import * as Effect from "effect/Effect";
import * as Redacted from "effect/Redacted";

import Api from "./src/Api.ts";
import { AuthTokenValue } from "./src/AuthToken.ts";

export default Alchemy.Stack(
"CloudflareWorkerAuthExample",
Expand All @@ -14,7 +14,7 @@ export default Alchemy.Stack(
state: Cloudflare.state(),
},
Effect.gen(function* () {
const authToken = yield* AuthTokenValue;
const authToken = yield* PrPackage.AuthTokenValue;
const api = yield* Api;

return {
Expand Down
1 change: 1 addition & 0 deletions examples/cloudflare-worker-auth/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
"test": "bun test"
},
"dependencies": {
"@alchemy.run/pr-package": "workspace:*",
"@cloudflare/workers-types": "catalog:",
"@effect/platform-bun": "catalog:",
"@effect/platform-node": "catalog:",
Expand Down
52 changes: 9 additions & 43 deletions examples/cloudflare-worker-auth/src/Api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,54 +1,20 @@
import * as PrPackage from "@alchemy.run/pr-package";
import * as Cloudflare from "alchemy/Cloudflare";
import * as Effect from "effect/Effect";
import * as Redacted from "effect/Redacted";
import { HttpServerRequest } from "effect/unstable/http/HttpServerRequest";
import * as HttpServerResponse from "effect/unstable/http/HttpServerResponse";
import { AuthToken } from "./AuthToken.ts";

/**
* A Worker with a single bearer-token protected route, mirroring the auth
* check in `@alchemy.run/pr-package`.
* The real `@alchemy.run/pr-package` Worker. `PrPackage.handler` wires up the
* R2 bucket, KV tag index, Secrets Store bearer token, and the PackageStore
* Durable Object internally — this file is the Worker entry, so it must set
* `main: import.meta.filename`.
*
* `Cloudflare.Secret.bind(...)` resolves to `Redacted<string>`. The comparison
* MUST unwrap it with `Redacted.value(expected)` — coercing a `Redacted` to a
* string yields the literal `"<redacted>"`, so `Bearer ${expected}` would
* compare against `"Bearer <redacted>"` and silently accept the wrong token.
* See https://github.com/alchemy-run/alchemy-effect/pull/598.
* The handler's bearer-token check is the worker side of the bug fixed in
* https://github.com/alchemy-run/alchemy-effect/pull/598.
*/
export default class Api extends Cloudflare.Worker<Api>()(
"Api",
{
main: import.meta.filename,
url: true,
},
Effect.gen(function* () {
const authToken = yield* Cloudflare.Secret.bind(AuthToken);

return {
fetch: Effect.gen(function* () {
const request = yield* HttpServerRequest;

if (request.url.startsWith("/protected")) {
const authHeader = request.headers.authorization;
const expected = yield* authToken;
if (
!authHeader ||
authHeader !== `Bearer ${Redacted.value(expected)}`
) {
return HttpServerResponse.text("unauthorized", { status: 401 });
}
return HttpServerResponse.text("ok");
}

return HttpServerResponse.text("public");
}).pipe(
Effect.catchTag("SecretError", (err) =>
Effect.succeed(
HttpServerResponse.text(`failed to read secret: ${err.message}`, {
status: 500,
}),
),
),
),
};
}).pipe(Effect.provide(Cloudflare.SecretBindingLive)),
PrPackage.handler(),
) {}
25 changes: 0 additions & 25 deletions examples/cloudflare-worker-auth/src/AuthToken.ts
View file
Open in desktop

This file was deleted.

Loading
Loading