A week to learn anything I want? I decided to take on a project to explore various Cloudflare products. Cloudflare is a major player on the Internet alongside AWS. My current plan is to start with Cloudflare Workers to host a front end and an API that interacts with a few tools such as ServiceNow to handle authentication and Spotify to interact with the site. Over the next few days, I might explore other Cloudflare products, such as KV or Durable Objects, to manage the application's state and provide a small database.
End of day, I need to handle for
- Checking token expiration and refreshing for a new one when it expires, they don't need to reauthenticate, just need to refresh the current token.
- Handle post login, what do we do on the dashboard?
- think about spotify login, search box, what playlist to add to
- logout?
I successfully implemented logins yesterday and set up token storage for automatic refreshing. While the current method of storing refresh tokens isn't secure, it's something I'll revisit later to ensure safe storage. Currently, ServiceNow access tokens expire after 5 minutes, but the site automatically refreshes them. The refresh tokens remain valid for 30 days, so I'll need to consider how to handle this securely in the future. For now, I'll shift my focus to designing the front page UI, dashboard UI, and login page/buttons.
I was able to complete the Spotify connection and use a Svelte component to search and return results. I will have to create methods to accept the selected song, apply it to the database. I also want to send it to my printer and have it print some songs for the demo.
I'm excited to work on this more on the weekend to get some things done before demo on Tuesday. I am setting up a Cloudflare D1 database to store information regarding new users and sessions, and moving the auth tokens and storage to the database, validating only the session ID.
I'm in a good place getting the user session created and saving a user account. I need to update the middleware first to handle how a session is validated and extended. This is a great resource for learning how to do this.
Ran out of ngrok requests so I had to move to cloudflare tunnels, I created some config file locally to track my work. this command runs the tunnel:
cloudflared tunnel --config ./cloudflare-config.yml run development
paired with this running the dev server:
pnpm run dev
the database admin interface, uses a dev.drizzle.config.ts file rather than the d1-http default config:
pnpm run db:studio
Generate the sql from schema.ts file:
pnpm run db:generate
For generating and updating the local database:
pnpm run db:migrate
To generate and update the remote database:
pnpm exec drizzle-kit push
Generate empty migration files to seed data
drizzle-kit generate --custom --name=<file_name>
-- ./drizzle/0001_seed-users.sql
INSERT INTO "users" ("name") VALUES('Dan');
INSERT INTO "users" ("name") VALUES('Andrew');
INSERT INTO "users" ("name") VALUES('Dandrew');sequenceDiagram
participant User
participant Frontend as Astro Frontend
participant Workers as Cloudflare Workers
participant OAuth as OAuth Provider
participant DB as Database
User->>Frontend: Visit website
Frontend->>User: Display login button
User->>Frontend: Click login button
Frontend->>OAuth: Redirect to OAuth provider
OAuth->>User: Show login/consent page
User->>OAuth: Authenticate & authorize
OAuth->>Frontend: Redirect with auth code
Frontend->>Workers: Exchange code for tokens
Workers->>OAuth: Request tokens
OAuth->>Workers: Return access & refresh tokens
Workers->>OAuth: Query user information
OAuth->>Workers: Return user data
Workers->>DB: Store user info (Table 1)
Workers->>DB: Store auth & refresh tokens (Table 2)
Workers->>DB: Create session (Table 3)
Workers->>Frontend: Set session cookie/token
Frontend->>User: Redirect to protected page
- https://docs.astro.build/en/guides/integrations-guide/cloudflare/
- https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/security/concept/c_OAuthAuthorizationCodeFlow.html
- https://dev.to/askrodney/astro-cookies-api-cookies-on-http-requests-4fn5
- https://blog.ohansemmanuel.com/working-with-astros-middleware/
- https://github.com/understanding-astro/astro-middleware-examples/blob/master/jwt-auth/src/pages/protected.astro
- https://dev.to/flashblaze/using-cloudflare-durable-objects-with-sql-storage-d1-and-drizzle-orm-2i3i