All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Workers - One-click Cloudflare Access for Workers

9mo ago

Source

CloudflareWorkers - One-click Cloudflare Access for Workerscloudflare.com
Snippet from the RSS feed
You can now enable Cloudflare Access for your workers.dev and Preview URLs in a single click. Access allows you to limit access to your Workers to specific users or groups. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your Access policy . To enable Cloudflare Access: In the Cloudflare dashboard, go to the Workers & Pages page. Go to Workers & Pages In Overview , select your Worker. Go to Settings > Domains & Routes . For workers.dev or Preview URLs, click Enable Cloudflare Access . Optionally, to configure the Access application, click Manage Cloudflare Access . There, you can change the email addresses you want to authorize. View Access policies to learn about configuring alternate rules. To fully secure your application, it is important that you validate the JWT that Cloudflare Access adds to the Cf-Access-Jwt-Assertion header on the incoming request. The following code will validate the JWT using the jose NPM package : import { jwtVerify , createRemoteJWKSet } from "jose" ; export default { async fetch ( request , env , ctx ) { // Verify the POLICY_AUD environment variable is set if ( ! env . POLICY_AUD ) { return new Response ( "Missing required audience" , { status : 403 , headers : { "Content-Type" : "text/plain" }, } ) ; } // Get the JWT from the request headers const token = request . headers . get ( "cf-access-jwt-assertion" ) ; // Check if token exists if ( ! token ) { return new Response ( "Missing required CF Access JWT" , { status : 403 , headers : { "Content-Type" : "text/plain" }, } ) ; } try { // Create JWKS from your team domain const JWKS = createRemoteJWKSet ( new URL ( ` ${ env . TEAM_DOMAIN } /cdn-cgi/access/certs` ) , ) ; // Verify the JWT const { payload } = await jwtVerify ( token , JWKS , { issuer : env . TEAM_DOMAIN , audience : env . POLICY_AUD , } ) ; // Token is valid, proceed with your application logic return new Response ( `Hello ${ payload . email || "authenticated user" } !` , { headers : { "Content-Type" : "text/plain" }, } ) ; } catch ( error ) { // Token verification failed return new Response ( `Invalid token: ${ error . message } ` , { status : 403 , headers : { "Content-Type" : "text/plain" }, } ) ; } }, }; Required environment variables Add these environment variables to your Worker: POLICY_AUD : Your application's AUD tag TEAM_DOMAIN : Both of these appear in the modal that appears when you enable Cloudflare Access. You can set these variables by adding them to your Worker's Wrangler configuration file , or via the Cloudflare dashboard under Workers & Pages > your-worker > Settings > Environment Variables .

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.