@designsystemsinternational/cloudflare 0.1.0

package/workers/password/index.ts

@@ -0,0 +1,67 @@
+import { envSchema } from "./lib/schema";
+import { getAuthCookieHeaders, isAuthenticated } from "./lib/util";
+
+export default {
+  async fetch(request, _env) {
+    const envRes = envSchema.safeParse(_env);
+
+    if (!envRes.success) {
+      console.error(envRes.error.issues);
+      return new Response(null, { status: 404 });
+    }
+
+    const env = envRes.data;
+    const url = new URL(request.url);
+    const authenticated = await isAuthenticated(request, env);
+
+    /**
+     * Authenticate endpoint
+     */
+    if (url.pathname.startsWith("/auth/authenticate")) {
+      if (authenticated) {
+        return Response.json({ success: true });
+      }
+
+      const formData = await request.formData();
+      const password = formData.get("password") as string;
+
+      if (password === env.PASSWORD) {
+        const headers = await getAuthCookieHeaders(env);
+        return Response.json(
+          {
+            success: true,
+          },
+          { headers }
+        );
+      }
+
+      return Response.json(
+        {
+          success: false,
+        },
+        { status: 404 }
+      );
+    }
+
+    /**
+     * Always render auth pages without auth
+     */
+    if (url.pathname.startsWith("/auth")) {
+      console.log("Auth page request:", request.url);
+      return _env.ASSETS.fetch(request);
+    }
+
+    /**
+     * All other requests
+     */
+    if (!authenticated) {
+      const authUrl = new URL("/auth", request.url);
+      const nextPath = url.pathname + url.search;
+      authUrl.searchParams.set("next", nextPath);
+      console.log("Redirecting to:", authUrl.toString());
+      return Response.redirect(authUrl.toString(), 302);
+    }
+
+    return _env.ASSETS.fetch(request);
+  },
+} satisfies ExportedHandler<Env>;

package/workers/password/lib/constants.ts

@@ -0,0 +1 @@
+export const COOKIE_NAME = "dsi-auth";

package/workers/password/lib/schema.ts

@@ -0,0 +1,8 @@
+import { z } from "zod";
+
+export const envSchema = z.object({
+  SECRET: z.string().min(6),
+  PASSWORD: z.string().min(1),
+});
+
+export type EnvSchema = z.infer<typeof envSchema>;

package/workers/password/lib/util.ts

@@ -0,0 +1,28 @@
+import * as cookie from "worktop/cookie";
+import jwt from "@tsndr/cloudflare-worker-jwt";
+import { COOKIE_NAME } from "./constants";
+import type { EnvSchema } from "./schema";
+
+export const isAuthenticated = async (request: Request, env: EnvSchema) => {
+  const cookieHeader = request.headers.get("Cookie") ?? "";
+  const cookies = cookie.parse(cookieHeader);
+  const token = cookies[COOKIE_NAME];
+  if (!token) {
+    return false;
+  }
+  return await jwt.verify(token, env.SECRET);
+};
+
+export const getAuthCookieHeaders = async (env: EnvSchema) => {
+  const payload = await jwt.sign({ iat: Date.now() }, env.SECRET);
+  const headers = new Headers();
+  const cookieStr = cookie.stringify(COOKIE_NAME, payload, {
+    path: "/",
+    httponly: true,
+    samesite: "Lax",
+    secure: true,
+  });
+
+  headers.set("Set-Cookie", cookieStr);
+  return headers;
+};

package/wrangler.jsonc

@@ -0,0 +1,16 @@
+// This file is simply used to test the package locally with workerd
+{
+  "$schema": "node_modules/wrangler/config-schema.json",
+  "name": "cloudflare-password",
+  "main": "workers/password/index.ts",
+  "compatibility_date": "2025-12-02",
+  "assets": {
+    "directory": "./templates/dist",
+    "not_found_handling": "single-page-application",
+    "binding": "ASSETS",
+    "run_worker_first": true
+  },
+  "observability": {
+    "enabled": true
+  }
+}