Ensuring Security in a Cloudflare Worker Token Flow
Hey there!
I have two workers in my setup. One of them generates a token (I'm not sure what type of token) with a strict rate limit, while the other worker uses this token for a specific period of time. My main goal is to ensure the security of this flow and prevent abuse on an open API, where having an API key is not an option. It's important to note that both functions are called from the same JavaScript code on the client side. Any suggestions or advice on how to tackle this challenge?
Flow:
- User visits Page A.
- The script on Page A initiates a request to the first worker to obtain a key.
- The first worker generates and returns the key to the script on Page A.
- The script securely stores the generated key.
- When needed, the script on Page A calls the second worker multiple times, passing the previously generated key for authentication.
- The second worker processes the requests from the script using the provided key.
- Upon completion of the required actions with the second worker, the script on Page A securely disposes of the key or clears it from memory to prevent unauthorized access.
- The user's interaction with Page A continues, possibly involving additional requests and operations.
What security measures can be implemented to enhance the security of the described flow?
0 Replies