If I want to guard my api with a bearer token, is it better to use the cloudflare access or do the c

If I want to guard my api with a bearer token, is it better to use the cloudflare access or do the check in my middleware?

I was reading that cache api doesn't work behind cloudflare access, any other downsides? what about performance?

Ttornado If I want to guard my api with a bearer token, is it better to use the cloudflar...

Cyb3r-Jak3•7/13/24, 12:02 AM

You can check there is an API token with WAF rules and check the validity of the token in your middleware

johtso•7/13/24, 3:44 AM

umm, is it normal for

performance.now()

performance.now()

to return 0 if you call it in your module's initialisation?

johtso•7/13/24, 3:44 AM

I feel like it should never return 0..

johtso•7/13/24, 3:45 AM

seeing as performance.timeOrigin = 0

Chaika•7/13/24, 3:48 AM

it only advances on i/o: https://developers.cloudflare.com/workers/runtime-apis/performance/
(and the timeOrigin in Workers is 0 as described in there as well)

Cloudflare Docs

Performance and timers · Cloudflare Workers docs

Measure timing, performance, and timing of subrequests and other operations.

CChaika it only advances on i/o: https://developers.cloudflare.com/workers/runtime-apis/...

johtso•7/13/24, 3:51 AM

But shouldn't it still be initialised with a sensible time?

johtso•7/13/24, 3:52 AM

It breaks Effect's clock implementation because it tries to calculate the origin based on performance.now() at initialisation

Chaika•7/13/24, 3:53 AM

there's some comments in workerd about it: https://github.com/cloudflare/workerd/blob/882c33f4ce989cd140da00695cd75f066558fc41/src/workerd/api/global-scope.h#L86C1-L86C8

johtso•7/13/24, 3:53 AM

And then suddenly time jumps forwards by half a century

CChaika there's some comments in workerd about it: <https://github.com/cloudflare/worker...

johtso•7/13/24, 3:55 AM

The thing is it doesn't behave like Date.now().. date doesn't return zero at initialisation

johtso•7/13/24, 4:04 AM

How do you get to the in bowser quick editor for a worker in the dashboard?

Jjohtso The thing is it doesn't behave like Date.now().. date doesn't return zero at ini...

Chaika•7/13/24, 4:06 AM

oh you mean outside of a request it now() returns 0?

CChaika oh you mean outside of a request it now() returns 0?

johtso•7/13/24, 4:06 AM

Yes

Chaika•7/13/24, 4:07 AM

it's just calling dateNow which if not in an IoContext/Request does that: https://github.com/cloudflare/workerd/blob/882c33f4ce989cd140da00695cd75f066558fc41/src/workerd/api/util.c%2B%2B#L210

johtso•7/13/24, 4:07 AM

Oh, so Date.now() behaves the same?

Chaika•7/13/24, 4:07 AM

I guess otherwise they'd need to track when the isolate spun up and then set another variable for unscoped requests

Jjohtso Oh, so Date.now() behaves the same?

Chaika•7/13/24, 4:08 AM

it should, let's find out!

Jjohtso How do you get to the in bowser quick editor for a worker in the dashboard?

Chaika•7/13/24, 4:08 AM

top right

CChaika top right

johtso•7/13/24, 4:09 AM

Doesn't seem to be visible on mobile

Chaika•7/13/24, 4:09 AM

hmm yea

Jjohtso Doesn't seem to be visible on mobile 😢

Chaika•7/13/24, 4:09 AM

did they hide it again? what the heck

johtso•7/13/24, 4:10 AM

Hmm well at least it's consistent

Chaika•7/13/24, 4:12 AM

Jjohtso Doesn't seem to be visible on mobile 😢

Chaika•7/13/24, 4:12 AM

did you scroll over enough?

Chaika•7/13/24, 4:12 AM

funny because they did actually remove it at one time on mobile and we had to get them to readd it lol

johtso•7/13/24, 4:12 AM

Oh.. it's scrollable

johtso•7/13/24, 4:13 AM

The joys of minimalist interfaces without scrollbars.. there's no way to know something's scrollable

Chaika•7/13/24, 4:14 AM

editor isn't much better if you stick to vertical w/ a small screen lol

johtso•7/13/24, 4:14 AM

Should probably stick to coding on my laptop then

johtso•7/13/24, 4:15 AM

Alright that's enough chasing runtime quirk rabbit holes, better get some sleep

CChaika hmm yea

johtso•7/13/24, 10:27 AM

I think the problem might be inconsistent behaviour in local dev.. I'm thinking Date.now() might not be returning 0.. will try and test in a bit

Puliczek•7/13/24, 12:09 PM

Guys i just tested deploy.workers.cloudflare.com . Why it is so hard to just deploy other users workers? Requires: Github Auth, CF Acc Id, CF Token (no template for that), Fork repository, enable github action, deploy worker. Lol its really hard to do that for someone who is not using cloudflare. Why it is not just simple url to do all that staff with CF auth? It works like that way for other clouds like Azure.

Puliczek•7/13/24, 12:10 PM

One first time i thought that its not official installation mode, but looking on url looks official.

Puliczek•7/13/24, 12:14 PM

I think the best workflow should be enter URL -> redirect to CF Auth Page -> Security check are you sure you want to install this worker Yes/No -> Worker deployed.

Puliczek•7/13/24, 12:17 PM

btw. deploy.workers.cloudflare.com looks really clear and easy to understand, but I think it is just overcomplicated.

zensin•7/13/24, 1:54 PM

This platform has a lot of weirdness of learning curve quirks. After having finally gotten all its features figured out and working, I can say it was all worth it. Now plz give us full version of vectorize and all will be as it should be.

johtso•7/13/24, 2:36 PM

@Chaika https://github.com/cloudflare/workers-sdk/issues/6261

CChaika yes, although a point worth mentioning is you have to add them as a custom hostn...

whois | API man•7/13/24, 2:44 PM

Wait, and how can I add them as Hostnames through API? Does cloudflare workers also provide this feature?

whois | API man•7/13/24, 2:47 PM

Wait I forgot it’s with the domain's zone, I think there is an API for it

whois | API man•7/13/24, 2:50 PM

Yup there is

whois | API man•7/13/24, 2:50 PM

It is

https://api.cloudflare.com/client/v4/zones/zone_id/custom_hostnames

https://api.cloudflare.com/client/v4/zones/zone_id/custom_hostnames

rdbisme•7/14/24, 12:10 PM

Hello, is there any plan to support ICMP? I woke up this morning with an idea to use a Worker as a status reporter for my server just to discover we can't send ICMP.

Or do you have any suggestions on how to achieve that.

I was thinking about using TCP sockets... But I fear my fail2ban will ban the worker IP

Walshy•7/14/24, 12:27 PM

No plans for ICMP, are you just trying to get latency to the server? Ideally you want to healthcheck services for status checkers

You can also make fail2ban not ban Workers but of course opens a bit of a hole.

WWalshy No plans for ICMP, are you just trying to get latency to the server? Ideally you...

rdbisme•7/14/24, 1:36 PM

Thanks for your answer. I just wanted a, cheap, external service to ping my server and send me a notification on Telegram.

rdbisme•7/14/24, 1:36 PM

I can indeed expose an http service on the server for healtcheck. But ping is easy, no need to deploy anything on the server

Rrdbisme I can indeed expose an http service on the server for healtcheck. But ping is ea...

Idle•7/14/24, 4:45 PM

does a icmp response always mean that the http service is running and healthy

CChaika yes, although a point worth mentioning is you have to add them as a custom hostn...

whois | API man•7/14/24, 10:53 PM

But is it a monthly pay or per usage both API and Fallback Workers? (CF SaaS)

IIdle does a icmp response always mean that the http service is running and healthy 🤔

rdbisme•7/15/24, 1:03 AM

No. But that's exactly what I want. I want to check the machine is up. Not the http service

Wwhois | API man But is it a monthly pay or per usage both API and Fallback Workers? (CF SaaS)

Chaika•7/15/24, 1:16 AM

you pay monthly for each hostname over 100 at $0.10 per hostname per month, and you pay for whatever worker execution costs as well

Tony Leung•7/15/24, 4:43 AM

hi, is there anyway to detect request is from a known bot or not from cloudflare workers?