diff --git a/README.md b/README.md index a855fcb..64c2908 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,7 @@ To keep the main Worker fast while still supporting these operations, Warden can **How to enable/disable** -It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and adding the `HEAVY_DO` binding in `wrangler.toml`. +Whether CPU-heavy endpoints are offloaded is determined by whether the `HEAVY_DO` Durable Object binding is configured in `wrangler.toml`. > [!NOTE] > Durable Objects can incur two types of billing: compute and storage. Storage is not used in this project, and the free plan allows 100,000 requests and 13,000 GB-s duration per day, which should be more than enough for most users. See [Cloudflare Durable Objects pricing](https://developers.cloudflare.com/durable-objects/platform/pricing/) for details. @@ -159,9 +159,6 @@ It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and Configure environment variables in `wrangler.toml` under `[vars]`, or set them via Cloudflare Dashboard: -* **`HEAVY_DO_ENABLED`** (Optional, Default: `0`): - - Enable routing CPU-heavy endpoints to Durable Object (`HEAVY_DO`). - - Recommended on Free plan if you hit CPU time limits on import/login. * **`PASSWORD_ITERATIONS`** (Optional, Default: `600000`): - PBKDF2 iterations for server-side password hashing. - Minimum is 600000. diff --git a/src/entry.js b/src/entry.js index ba63fce..eeb18eb 100644 --- a/src/entry.js +++ b/src/entry.js @@ -10,7 +10,7 @@ * the Rust/WASM layer with axum body conversion. * * Additionally, this wrapper can optionally offload CPU-heavy endpoints to a Rust Durable Object - * (higher CPU budget) by enabling `HEAVY_DO_ENABLED=1` and binding `HEAVY_DO` in `wrangler.toml`. + * (higher CPU budget) by binding `HEAVY_DO` in `wrangler.toml`. * This is used for operations like imports and password verification paths, keeping the main * Worker on a low-CPU fast path for typical requests. * @@ -20,16 +20,6 @@ import RustWorker from "../build/index.js"; import { base64UrlDecode, handleAzureUpload, handleDownload } from "./attachments.js"; -function isTruthy(value) { - if (value == null) return false; - const s = value.toString().trim().toLowerCase(); - return s === "1" || s === "true" || s === "yes" || s === "on"; -} - -function heavyDoEnabled(env) { - return isTruthy(getEnvVar(env, "HEAVY_DO_ENABLED", "0")); -} - function getBearerToken(request) { const auth = request.headers.get("Authorization") || request.headers.get("authorization"); if (!auth) return null; @@ -106,19 +96,6 @@ function parseDownloadPath(path) { return null; } -// Helper to get env var with fallback -function getEnvVar(env, name, defaultValue = null) { - try { - const value = env[name]; - if (value && typeof value.toString === "function") { - return value.toString(); - } - return value || defaultValue; - } catch { - return defaultValue; - } -} - // Main fetch handler export default { async fetch(request, env, ctx) { @@ -126,17 +103,9 @@ export default { // Optional: route selected CPU-heavy endpoints to Durable Objects. // This keeps the main Worker on a low-CPU path while allowing heavy work to complete. - if (heavyDoEnabled(env)) { + if (env.HEAVY_DO) { // Import: route to Rust Durable Object (HeavyDo) to reuse the existing Rust import logic. if (request.method === "POST" && url.pathname === "/api/ciphers/import") { - if (!env.HEAVY_DO) { - console.error("HEAVY_DO binding not configured"); - return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), { - status: 500, - headers: { "Content-Type": "application/json" }, - }); - } - // Shard by user id (JWT sub) WITHOUT verifying signature here (cheap). const token = getBearerToken(request); const sub = token ? decodeJwtPayloadUnsafe(token)?.sub : null; @@ -148,13 +117,6 @@ export default { // Auth/password verification: run inside Rust DO (higher CPU budget). if (isAuthDoPath(url.pathname)) { - if (!env.HEAVY_DO) { - return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), { - status: 500, - headers: { "Content-Type": "application/json" }, - }); - } - let name = "auth:default"; if (url.pathname === "/identity/connect/token") { diff --git a/wrangler.toml b/wrangler.toml index f335369..0f91089 100644 --- a/wrangler.toml +++ b/wrangler.toml @@ -43,10 +43,6 @@ html_handling = "auto-trailing-slash" run_worker_first = ["/api/*", "/identity/*"] [vars] -# Enable offloading CPU-heavy endpoints (login PBKDF2 + import JSON parse) to Durable Objects. -# Defaults to disabled. -HEAVY_DO_ENABLED = "1" - # Server-side password hashing PBKDF2 iterations (stored per-user). # Defaults to 600000, and will be clamped to a minimum of 600000 even if set lower. # Existing users created before this change are assumed to be at 100000 and will be upgraded on login. @@ -96,9 +92,6 @@ keep_vars = true workers_dev = false preview_urls = false -[env.dev.vars] -HEAVY_DO_ENABLED = "1" - [env.dev.durable_objects] bindings = [ { name = "HEAVY_DO", class_name = "HeavyDo" }