We use the free tier of Auth0 - JWT-based auth.

FForeignity Hello CF community! I would like to implement auth system with Workers, I tried ...

Devon•3/5/24, 2:01 PM

I'm building something like this for a few personal projects. I am in the process of improving the docs and adding docs around setting up outbound email for forgot password flows, etc... but it works for all the things you mentioned above. Note that the password hashing is using salted SHA-256 instead of something like bcrypt as you don't really want long CPU burns on Workers. If this is a concern you can use bcrypt or an external hashing service or whatever. - https://github.com/devondragon/workers-users

GitHub

GitHub - devondragon/workers-users: Cloudflare Workers based User M...

Cloudflare Workers based User Management and Session State Framework - devondragon/workers-users

MMitya We use the free tier of Auth0 - JWT-based auth.

Foreignity•3/5/24, 2:50 PM

Integrated with workers?

Foreignity•3/5/24, 2:51 PM

Thanks @Devon , I will surely check this out.

FForeignity Integrated with workers?

Devon•3/5/24, 3:07 PM

Yes the user management is a Worker + D1. The repo has a Pages example front end, and the session-state Worker. but you don't need to use either of those to leverage the main functionality really...

RRenova Anyone managed to run nestjs in a worker ?

crossbeau•3/5/24, 5:21 PM

did you ever get an answer, or make progress on this ?

SageSphinx63920•3/5/24, 7:31 PM

Currently having problems with getting the email content using an email worker. My question is now: Is this even possible with the EmailMessage object provided from the worker?

SSageSphinx63920 Currently having problems with getting the email content using an email worker. ...

Chaika•3/5/24, 7:44 PM

You mean reading the content? You need an email parser, ex: https://docs.emailengine.app/how-to-parse-emails-with-cloudflare-email-workers/

EmailEngine Blog

How to parse emails with Cloudflare Email Workers?

Parse incoming emails with Cloudflare Email Workers using the postal-mime module.

SageSphinx63920•3/5/24, 7:45 PM

Thats does explain a lot

Isaac McFadyen•3/5/24, 10:04 PM

No. A WebSocket actually starts with a GET request so if you blocked GET requests you'd be blocking the initial WebSocket handshake and nothing could connect.

Isaac McFadyen•3/5/24, 10:04 PM

https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#the_websocket_handshake

Isaac McFadyen•3/5/24, 10:22 PM

That's the only way, really. If you want to accept a websocket with a Worker then you also need to accept HTTP.

Chaika•3/5/24, 10:22 PM

You could make a Custom WAF Rule which checks for the Upgrade header and blocks otherwise

Isaac McFadyen•3/5/24, 10:22 PM

Ah yes, actually that could work.

Chaika•3/5/24, 10:22 PM

the usual put Worker on Custom Domain / disable workers.dev / Custom rules

Isaac McFadyen•3/5/24, 10:23 PM

Keep in mind bots could send the Upgrade header themselves to trick it. Most bots wouldn't, but anyone targeting specifically your site could do that.

Isaac McFadyen•3/5/24, 10:24 PM

I.e. if someone is specifically targeting you with a DDoS.

ZZiga Zajc Did anyone get access to Snippets yet?

Devon•3/6/24, 12:56 PM

What is it?

ZZiga Zajc Did anyone get access to Snippets yet?

Hello, I’m Allie!•3/6/24, 1:01 PM

IIRC some people do have access, but it isn't public yet

Devon•3/6/24, 1:03 PM

Ah cool, similar to AWS Cloudfront functions or something

ZZiga Zajc are snippets deployed on same locations as workers or more of them?

Hello, I’m Allie!•3/6/24, 1:03 PM

Same iirc, which is every datacenter that you have access to

Devon•3/6/24, 1:06 PM

You're not wrong:).

ZZiga Zajc are snippets deployed on same locations as workers or more of them?

Walshy•3/6/24, 1:19 PM

Snippets are workers

Walshy•3/6/24, 1:19 PM

Small workers but workers so they run everywhere like workers

Walshy•3/6/24, 1:20 PM

(Also we generally always run everything everywhere. It's harder to limit locations than put it in every metal)

Walshy•3/6/24, 1:20 PM

And they're free!

Walshy•3/6/24, 1:21 PM

Bindings aren't available

Walshy•3/6/24, 1:21 PM

Some bindings probably will be in the future, I know secrets is a common ask right now

Walshy•3/6/24, 1:21 PM

But I don't expect much beyond like env vars, secrets and mtls

Walshy•3/6/24, 1:21 PM

(Not on the team so don't take this as a "will happen" just a Walshy opinion)

Original message was deleted

crossbeau•3/6/24, 2:04 PM

Something i did to prevent bots was implement this list as a CF list and I block these ip ranges -
Blocking all major datacenters and clouds.

https://github.com/X4BNet/lists_vpn

GitHub

GitHub - X4BNet/lists_vpn: Lists of VPN providers (atomatically upd...

Lists of VPN providers (atomatically updated). Contribute to X4BNet/lists_vpn development by creating an account on GitHub.

Original message was deleted

Chaika•3/6/24, 2:33 PM

Of course. I wouldn't do that for now until you have a need/an issue. There's lots of other ways to block bots

Original message was deleted

crossbeau•3/6/24, 2:38 PM

They have it broken into 2 lists. There is a set of lists that is just datacenters. (I do have the usecase of wanting to block vpns) but its just an idea of. If you want a central list blacklisting all big datacenters this is a good source of truth

Ccrossbeau They have it broken into 2 lists. There is a set of lists that is just datacente...

Isaac McFadyen•3/6/24, 2:39 PM

Datacenters are very much used for VPNs.

crossbeau•3/6/24, 2:39 PM

You could also do waf rules that block on user agents

Isaac McFadyen•3/6/24, 2:39 PM

For example, Mullvad uses M247 in New York.

Isaac McFadyen•3/6/24, 2:40 PM

Yes, it will block bots - but if you're not having a huge problem with bots you should probably try other methods first, blocking an IP list like that is sort of a blanket measure

We use the free tier of Auth0 - JWT-based auth.

Similar Threads

Similar Threads

Similar Threads