@positronic/cloudflare 0.0.57 → 0.0.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/api/auth-middleware.js +9 -0
- package/dist/src/api/index.js +20 -3
- package/dist/src/api/secrets.js +31 -1
- package/dist/src/sqlite-adapter.js +4 -0
- package/dist/types/api/auth-middleware.d.ts.map +1 -1
- package/dist/types/api/index.d.ts.map +1 -1
- package/dist/types/api/secrets.d.ts.map +1 -1
- package/dist/types/sqlite-adapter.d.ts.map +1 -1
- package/package.json +4 -4
|
@@ -453,6 +453,15 @@ import { parseRequestSignature } from '@misskey-dev/node-http-message-signatures
|
|
|
453
453
|
];
|
|
454
454
|
case 11:
|
|
455
455
|
// No matching key found
|
|
456
|
+
// Check if ROOT_PUBLIC_KEY is configured - if not, return specific error
|
|
457
|
+
if (!c.env.ROOT_PUBLIC_KEY) {
|
|
458
|
+
return [
|
|
459
|
+
2,
|
|
460
|
+
c.json({
|
|
461
|
+
error: 'ROOT_KEY_NOT_CONFIGURED'
|
|
462
|
+
}, 401)
|
|
463
|
+
];
|
|
464
|
+
}
|
|
456
465
|
return [
|
|
457
466
|
2,
|
|
458
467
|
c.json({
|
package/dist/src/api/index.js
CHANGED
|
@@ -141,12 +141,29 @@ app.get('/status', function(context) {
|
|
|
141
141
|
});
|
|
142
142
|
})();
|
|
143
143
|
});
|
|
144
|
-
//
|
|
144
|
+
// Auth setup endpoint (no auth required) - returns setup instructions
|
|
145
|
+
app.get('/auth/setup', function(context) {
|
|
146
|
+
return _async_to_generator(function() {
|
|
147
|
+
var rootKeyConfigured;
|
|
148
|
+
return _ts_generator(this, function(_state) {
|
|
149
|
+
rootKeyConfigured = !!context.env.ROOT_PUBLIC_KEY;
|
|
150
|
+
return [
|
|
151
|
+
2,
|
|
152
|
+
context.json({
|
|
153
|
+
backend: 'cloudflare',
|
|
154
|
+
rootKeyConfigured: rootKeyConfigured,
|
|
155
|
+
instructions: "To configure root authentication:\n1. Run: px auth format-jwk-key\n2. In Cloudflare dashboard, go to Workers & Pages > Your project > Settings > Variables and Secrets\n3. Add a new secret named ROOT_PUBLIC_KEY\n4. Paste the JWK value from step 1"
|
|
156
|
+
})
|
|
157
|
+
];
|
|
158
|
+
});
|
|
159
|
+
})();
|
|
160
|
+
});
|
|
161
|
+
// Apply auth middleware to all routes except /status and /auth/setup
|
|
145
162
|
app.use('*', function(c, next) {
|
|
146
163
|
return _async_to_generator(function() {
|
|
147
164
|
return _ts_generator(this, function(_state) {
|
|
148
|
-
// Skip auth for
|
|
149
|
-
if (c.req.path === '/status') {
|
|
165
|
+
// Skip auth for unauthenticated endpoints
|
|
166
|
+
if (c.req.path === '/status' || c.req.path === '/auth/setup') {
|
|
150
167
|
return [
|
|
151
168
|
2,
|
|
152
169
|
next()
|
package/dist/src/api/secrets.js
CHANGED
|
@@ -214,6 +214,8 @@ import { Hono } from 'hono';
|
|
|
214
214
|
}).apply(this, arguments);
|
|
215
215
|
}
|
|
216
216
|
var secrets = new Hono();
|
|
217
|
+
// Protected secret name that cannot be managed via the API
|
|
218
|
+
var PROTECTED_SECRET = 'ROOT_PUBLIC_KEY';
|
|
217
219
|
// List all secrets (names only, not values)
|
|
218
220
|
secrets.get('/', function(context) {
|
|
219
221
|
return _async_to_generator(function() {
|
|
@@ -262,8 +264,11 @@ secrets.get('/', function(context) {
|
|
|
262
264
|
}
|
|
263
265
|
// Transform to match spec format - Cloudflare API doesn't return timestamps
|
|
264
266
|
// so we use placeholder values
|
|
267
|
+
// Filter out ROOT_PUBLIC_KEY from the list for security
|
|
265
268
|
now = new Date().toISOString();
|
|
266
|
-
secretList = data.result.
|
|
269
|
+
secretList = data.result.filter(function(secret) {
|
|
270
|
+
return secret.name !== PROTECTED_SECRET;
|
|
271
|
+
}).map(function(secret) {
|
|
267
272
|
return {
|
|
268
273
|
name: secret.name,
|
|
269
274
|
createdAt: now,
|
|
@@ -341,6 +346,15 @@ secrets.post('/', function(context) {
|
|
|
341
346
|
}, 400)
|
|
342
347
|
];
|
|
343
348
|
}
|
|
349
|
+
// Block setting ROOT_PUBLIC_KEY via API - must be set in Cloudflare dashboard
|
|
350
|
+
if (name === PROTECTED_SECRET) {
|
|
351
|
+
return [
|
|
352
|
+
2,
|
|
353
|
+
context.json({
|
|
354
|
+
error: "Cannot set ".concat(PROTECTED_SECRET, " via API. This secret must be configured directly in the Cloudflare dashboard under Workers & Pages > Settings > Variables and Secrets.")
|
|
355
|
+
}, 403)
|
|
356
|
+
];
|
|
357
|
+
}
|
|
344
358
|
return [
|
|
345
359
|
4,
|
|
346
360
|
cloudflareSecretsApi(config, '', {
|
|
@@ -413,6 +427,15 @@ secrets.delete('/:name', function(context) {
|
|
|
413
427
|
];
|
|
414
428
|
}
|
|
415
429
|
name = decodeURIComponent(context.req.param('name'));
|
|
430
|
+
// Block deleting ROOT_PUBLIC_KEY via API - must be managed in Cloudflare dashboard
|
|
431
|
+
if (name === PROTECTED_SECRET) {
|
|
432
|
+
return [
|
|
433
|
+
2,
|
|
434
|
+
context.json({
|
|
435
|
+
error: "Cannot delete ".concat(PROTECTED_SECRET, " via API. This secret must be managed directly in the Cloudflare dashboard under Workers & Pages > Settings > Variables and Secrets.")
|
|
436
|
+
}, 403)
|
|
437
|
+
];
|
|
438
|
+
}
|
|
416
439
|
_state.label = 1;
|
|
417
440
|
case 1:
|
|
418
441
|
_state.trys.push([
|
|
@@ -620,6 +643,13 @@ secrets.post('/bulk', function(context) {
|
|
|
620
643
|
9
|
|
621
644
|
]; // Skip invalid entries
|
|
622
645
|
}
|
|
646
|
+
// Skip ROOT_PUBLIC_KEY - it cannot be set via API
|
|
647
|
+
if (secret.name === PROTECTED_SECRET) {
|
|
648
|
+
return [
|
|
649
|
+
3,
|
|
650
|
+
9
|
|
651
|
+
];
|
|
652
|
+
}
|
|
623
653
|
return [
|
|
624
654
|
4,
|
|
625
655
|
cloudflareSecretsApi(config, '', {
|
|
@@ -150,6 +150,10 @@ function _ts_generator(thisArg, body) {
|
|
|
150
150
|
};
|
|
151
151
|
}
|
|
152
152
|
}
|
|
153
|
+
// R2 overflow stores large events (>1MB) in R2 instead of SQLite.
|
|
154
|
+
// This feature is manually tested because vitest-pool-workers has limitations
|
|
155
|
+
// with large data and isolated storage cleanup.
|
|
156
|
+
// See: https://developers.cloudflare.com/workers/testing/vitest-integration/known-issues/#isolated-storage
|
|
153
157
|
// Size threshold for R2 overflow (1MB)
|
|
154
158
|
export var R2_OVERFLOW_THRESHOLD = 1024 * 1024;
|
|
155
159
|
// Define the schema with r2_key column for overflow support
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/api/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACvD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAO3C,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;CACjB;AAGD,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,IAAI,EAAE,WAAW,CAAC;KACnB;CACF;AAsGD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/api/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACvD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAO3C,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;CACjB;AAGD,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,IAAI,EAAE,WAAW,CAAC;KACnB;CACF;AAsGD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,CAoG1E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAU3C,QAAA,MAAM,GAAG;cAAwB,QAAQ;yCAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAU3C,QAAA,MAAM,GAAG;cAAwB,QAAQ;yCAAK,CAAC;AAwC/C,eAAe,GAAG,CAAC;AAGnB,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../src/api/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAiD3C,QAAA,MAAM,OAAO;cAAwB,QAAQ;yCAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../src/api/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAiD3C,QAAA,MAAM,OAAO;cAAwB,QAAQ;yCAAK,CAAC;AA0SnD,eAAe,OAAO,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sqlite-adapter.d.ts","sourceRoot":"","sources":["../../src/sqlite-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"sqlite-adapter.d.ts","sourceRoot":"","sources":["../../src/sqlite-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAQtE,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAajD,qBAAa,qBAAsB,YAAW,OAAO;IACnD,OAAO,CAAC,GAAG,CAAa;IACxB,OAAO,CAAC,MAAM,CAAW;IACzB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,iBAAiB,CAAS;gBAEtB,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM;IAMjE,OAAO,CAAC,gBAAgB;IAOX,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CA+DxD"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@positronic/cloudflare",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.58",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -32,9 +32,9 @@
|
|
|
32
32
|
},
|
|
33
33
|
"dependencies": {
|
|
34
34
|
"@misskey-dev/node-http-message-signatures": "^0.0.10",
|
|
35
|
-
"@positronic/core": "^0.0.
|
|
36
|
-
"@positronic/spec": "^0.0.
|
|
37
|
-
"@positronic/template-new-project": "^0.0.
|
|
35
|
+
"@positronic/core": "^0.0.58",
|
|
36
|
+
"@positronic/spec": "^0.0.58",
|
|
37
|
+
"@positronic/template-new-project": "^0.0.58",
|
|
38
38
|
"aws4fetch": "^1.0.18",
|
|
39
39
|
"caz": "^2.0.0",
|
|
40
40
|
"cron-schedule": "^5.0.4",
|