I am super new to JS, and webtech in general (I'm a security engineer flailing helplessly) and am really struggling with how I could implement auth for pages hosted on Cloudflare. From what I can tell, I might be able to use Workers, but I'm really struggling to find good examples to crib from.
The gist of what I'm doing is:
I create a page for each user, it contains mostly similar content, with like 2-3 personalization tokens. Nothing fancy, just text, images, videos and one or two embedded components. It seemed smart to just use static pages, but I can't for the life of me get the idea of using Workers and middleware to allow users to auth with a magic link, or something else simple like that. I'm really trying to avoid providing basic auth/shared passwords if I can manage it.
In my attempts to figure this out, I also considered something like Next.js with NextAuth, but that seems like massive overkill.
So my ask is this: how have people succeeded in protecting static pages (in my case, Eleventy pages)? The structure I'm hoping for is: domain.com/login which redirects an authenticated user to
domain.com/:useridentifier
to see their specific private page
I did see that there was a Stytch plugin, but the docs were way too light for my feeble skillset
"auth for pages" => what kind of auth? basicAuth? oauth? apiKey?
Ahh you want "auth with a magic link". You can sign a token and send the user to his page:
https://domain.com/user123?token=signedToken
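In Workers you can have a middleware to verify the signature and/or expiry:
functions/_middleware.js
```js
async function authentication(context) {
  // verifySignature is still to be written; awaiting it means an async
  // (Web Crypto) implementation cannot slip through as a truthy Promise.
  if (!(await verifySignature(context.request.url))) {
    return new Response("Unauthorized", { status: 403 });
  }
  return context.next();
}

// Pages Functions run the handlers exported as onRequest.
export const onRequest = [authentication];
```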
You just need to write the verifySignature function and a function to create the signedToken.