@bun - okay, things are working, though
@bun - okay, things are working, though I haven't properly tested all the expires stuff and whatnot... and again, I do plan to move all this into a full proof-of-concept repo with working demo etc. Anyway, some stuff in 🧵 ....
D
dakom•44d ago
ok so first off, the part you're interested in, the durable object itself.
the high level ideas are:
1. the id is always unique
2. there is always a random key value set (not strictly necessary in all flows, but, doesn't hurt)
3. the DO always cleans itself up - only question is after how long and if it allows extending the expirey
This is used for auth sessions and out-of-band "magic link" sortof things (reset password, verify email address, etc.)
Some of this will be a repeat when I copy/paste all the notes...
D
dakom•44d ago
D
dakom•44d ago
Next up, is how it's used from the auth handlers
D
dakom•44d ago
and lastly, documentation on how it all fits together
D
dakom•44d ago
the frontend side pretty much just does what it says in the notes... it must attach the signin session key in the header, the signin session id comes along via cookies, etc.
oh, of course there's a missing piece here which is the database (D1) - which stores the
user-token that's expected in the durable object.
The idea with that is really just to implement "sign out everywhere" / "invalidate all sessions for this user"
Not a must imho, but, it almost comes for free with this architecture since I'm hitting the DB to check if the email is validated anywayB
bun•44d ago
wait so why are you not using user id as id for the DO @dakom ?
@dakom
D
dakom•44d ago
Because there's a one-to-many mapping of users to auth tokens, i.e. a single user may be logged in on their browser, phone, etc. simultaneously
in an earlier design I was doing it that way - and then looking up each of the different tokens via an internal storage key, but I think this redesign is much cleaner
B
bun•44d ago
so you can have those multiple tokens in a single DO, whats the issue?
D
dakom•44d ago
it makes the expirey stuff messy - imagine that they are active on their browser session, but their phone session has inactive/expired
much simpler to just have each DO instance organically expire, than to have to check sub-keys and storages in the alarm handler
B
bun•44d ago
ahhh right
tbh it sucks you cant make alarms with like specific params
would make session invalidation much easier
D
dakom•44d ago
I think you can effectively do that by having the alarm check for some keys... but tbh I did start going down that road and it felt just a bit icky
not saying it can't be done cleaner, but for my personal attempts, this approach ended up more to my taste
(but that could just be because I gave up on the other approach and didn't spend enough time trying to make it nice... you may have better luck!)
B
bun•44d ago
also are you sure rust wasm is much more perfomant than JS in cloudflare workers context?
D
dakom•44d ago
oh I'm quite sure that rust wasm is less performant than JS in many flows, especially if it's mostly just shuffling data back and forth between D1/DO/etc.
but - it's a negligible difference either way. It's the advantages of the language and being able to reason about my data structures and code that's worth it for me
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
47KMembers
View on DiscordWant results from more Discord servers?
More Postshttp w/o axumAlright, got it working:
```rust
use http::{Response, StatusCode};
use worker::{event, Context, Env,How can I stop the Beacon JavaScript from being inserted automatically?My Angular PWA offline mode breaks when the Beacon JavaScript is inserted automatically (because theDo I retain my domain renewal (2 years) if I transfer from my existing CF to another CF account?Hi, I've renewed my domain for 2 years and am using CloudFlare as my registrar. I would like to moveSite is working on my side but is down on speed tests and uptimerobotHey, my site is working perfectly on my end (both on desktop and mobile), but when I run a CloudflarHow are Access Service Token JWTs supposed to be used?In the Zero Trust dashboard, each request using a Service Token shows up as a "Login". I assumed thiAdd CORP header to ZeroTrust DomainHi guys, I'm having two sites `a.example.com` and `b.example.com`, both of them are place under ZeroAfter deploying a new version of a website, how long does it take to update the domain?The title is maybe confusing but what I want to ask is: Roughly how long does it take to update httpImage Transformation Not Working via WorkerHello,
I am trying to use image transformation via Cloudflare Image Optimization. I have deployed aCloudflare Pages functions and Cloudflare Workers running alongside each otherI have a project running on Cloudflare Pages with a few functions running out of the `/auth` path (fcloudflare pages - switch to github repo afterHello! I have a cloudflare page that I had previously setup by uploading assets manually from my comCustom Routes - Best Practice for Workers as MicroservicesHi all - I am looking for someone to explain the best practice around setting up workers and domainstrying to connect CF domain to TCPShield but it keeps erroringI'm trying to create a domain for a Minecraft server to protect against ddos via tcpshield but it re.vercelignore file?I have published many sites on Pages using the next-on-pages tool. In the past, my projects only coGet Content-LengthI have a worker that returns a string as text/plain, in local dev I get the response with content-leWhy can’t I delete my domain?Hello everyone! I’m trying to delete one of my domain, but I can’t receive the email with confirmatiworkers + mailchannelsIs there a latest (latest) walkthrough of how to send transactional emails via a worker with mailchaVuejs in Cloudflare not updated on refreshHi, I recently migrated my Vue app from a self hosted with Nginx to Cloudflare.
Unfortunately, I notcloudflare pages + worker definitionsHi, I am using SvelteKit with the cloud flare adapter, and was wondering if there was a way to definWarp Teams Zero-Trust Device profile based on Device IDI am trying to use device profiles feature of Cloudflare Warp/Zero-Trust for Teams.
As per the name,postgres in pageshow can i use postgres using sveltekit with pages and drizzle ORM?
im using `pg` atm but im getting