@opennextjs/cloudflare 1.19.9 → 1.19.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -261,6 +261,24 @@ async function sendEntryToR2Worker(options) {
|
|
|
261
261
|
headers: {
|
|
262
262
|
"x-opennext-cache-key": key,
|
|
263
263
|
"content-length": fs.statSync(filename).size.toString(),
|
|
264
|
+
// Include Access Client ID and Secret if they are set in the environment,
|
|
265
|
+
// so the helper worker can be reached through Cloudflare Access.
|
|
266
|
+
//
|
|
267
|
+
// If the workers.dev subdomain (or a parent route) is behind Cloudflare Access,
|
|
268
|
+
// attach a "Service Auth" policy to the *existing* Access application that already
|
|
269
|
+
// covers "open-next-cache-populate.<account>.workers.dev" — typically the
|
|
270
|
+
// "*.<account>.workers.dev" wildcard application. Creating a separate application
|
|
271
|
+
// scoped to this hostname has been observed to block the upload, even alongside
|
|
272
|
+
// the wildcard app. The policy should have:
|
|
273
|
+
// - Action set to "Service Auth"
|
|
274
|
+
// - An Include rule for "Any Access Service Token" or a specific Service Token
|
|
275
|
+
// See: https://opennext.js.org/cloudflare/cli#populating-remote-bindings-when-workers-are-protected-by-cloudflare-access
|
|
276
|
+
...(process.env.CLOUDFLARE_ACCESS_CLIENT_ID && process.env.CLOUDFLARE_ACCESS_CLIENT_SECRET
|
|
277
|
+
? {
|
|
278
|
+
"CF-Access-Client-Id": process.env.CLOUDFLARE_ACCESS_CLIENT_ID,
|
|
279
|
+
"CF-Access-Client-Secret": process.env.CLOUDFLARE_ACCESS_CLIENT_SECRET,
|
|
280
|
+
}
|
|
281
|
+
: {}),
|
|
264
282
|
},
|
|
265
283
|
body: Readable.toWeb(fs.createReadStream(filename)),
|
|
266
284
|
signal: AbortSignal.timeout(60_000),
|
|
@@ -31,6 +31,8 @@ const MAX_NUMBER_OF_VERSIONS = 20;
|
|
|
31
31
|
/** Maximum age of versions to list */
|
|
32
32
|
const MAX_VERSION_AGE_DAYS = 7;
|
|
33
33
|
const MS_PER_DAY = 24 * 3600 * 1000;
|
|
34
|
+
/** Worker-version trigger types that produce a full upload (assets + code). */
|
|
35
|
+
const UPLOAD_TRIGGER_TYPES = new Set(["upload", "version_upload"]);
|
|
34
36
|
/**
|
|
35
37
|
* Compute the deployment mapping for a deployment.
|
|
36
38
|
*
|
|
@@ -174,11 +176,18 @@ export async function listWorkerVersions(scriptName, options) {
|
|
|
174
176
|
})) {
|
|
175
177
|
const id = version.id;
|
|
176
178
|
const createdOn = version.metadata?.created_on;
|
|
179
|
+
const triggeredBy = version.metadata?.annotations?.["workers/triggered_by"];
|
|
177
180
|
if (id && createdOn) {
|
|
178
181
|
const createdOnMs = new Date(createdOn).getTime();
|
|
179
182
|
if (createdOnMs < afterTimeMs) {
|
|
180
183
|
break;
|
|
181
184
|
}
|
|
185
|
+
// Skip metadata-only versions (e.g. secret/service_token triggers)
|
|
186
|
+
// that lack the static assets bundle. Versions with no annotation
|
|
187
|
+
// are kept for backward compatibility.
|
|
188
|
+
if (triggeredBy !== undefined && !UPLOAD_TRIGGER_TYPES.has(triggeredBy)) {
|
|
189
|
+
continue;
|
|
190
|
+
}
|
|
182
191
|
versions.push({ id, createdOnMs });
|
|
183
192
|
if (versions.length >= maxNumberOfVersions) {
|
|
184
193
|
break;
|