chore: remove HEAVY_DO_ENABLED environment variable

This commit is contained in:
qaz741wsd856 2025-12-27 05:19:03 +00:00
parent 034e6284a2
commit eaa2f3b652
3 changed files with 3 additions and 51 deletions

View file

@ -149,7 +149,7 @@ To keep the main Worker fast while still supporting these operations, Warden can
**How to enable/disable**
It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and adding the `HEAVY_DO` binding in `wrangler.toml`.
Whether CPU-heavy endpoints are offloaded is determined by whether the `HEAVY_DO` Durable Object binding is configured in `wrangler.toml`.
> [!NOTE]
> Durable Objects can incur two types of billing: compute and storage. Storage is not used in this project, and the free plan allows 100,000 requests and 13,000 GB-s duration per day, which should be more than enough for most users. See [Cloudflare Durable Objects pricing](https://developers.cloudflare.com/durable-objects/platform/pricing/) for details.
@ -159,9 +159,6 @@ It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and
Configure environment variables in `wrangler.toml` under `[vars]`, or set them via Cloudflare Dashboard:
* **`HEAVY_DO_ENABLED`** (Optional, Default: `0`):
- Enable routing CPU-heavy endpoints to Durable Object (`HEAVY_DO`).
- Recommended on Free plan if you hit CPU time limits on import/login.
* **`PASSWORD_ITERATIONS`** (Optional, Default: `600000`):
- PBKDF2 iterations for server-side password hashing.
- Minimum is 600000.

View file

@ -10,7 +10,7 @@
* the Rust/WASM layer with axum body conversion.
*
* Additionally, this wrapper can optionally offload CPU-heavy endpoints to a Rust Durable Object
* (higher CPU budget) by enabling `HEAVY_DO_ENABLED=1` and binding `HEAVY_DO` in `wrangler.toml`.
* (higher CPU budget) by binding `HEAVY_DO` in `wrangler.toml`.
* This is used for operations like imports and password verification paths, keeping the main
* Worker on a low-CPU fast path for typical requests.
*
@ -20,16 +20,6 @@
import RustWorker from "../build/index.js";
import { base64UrlDecode, handleAzureUpload, handleDownload } from "./attachments.js";
function isTruthy(value) {
if (value == null) return false;
const s = value.toString().trim().toLowerCase();
return s === "1" || s === "true" || s === "yes" || s === "on";
}
function heavyDoEnabled(env) {
return isTruthy(getEnvVar(env, "HEAVY_DO_ENABLED", "0"));
}
function getBearerToken(request) {
const auth = request.headers.get("Authorization") || request.headers.get("authorization");
if (!auth) return null;
@ -106,19 +96,6 @@ function parseDownloadPath(path) {
return null;
}
// Helper to get env var with fallback
function getEnvVar(env, name, defaultValue = null) {
try {
const value = env[name];
if (value && typeof value.toString === "function") {
return value.toString();
}
return value || defaultValue;
} catch {
return defaultValue;
}
}
// Main fetch handler
export default {
async fetch(request, env, ctx) {
@ -126,17 +103,9 @@ export default {
// Optional: route selected CPU-heavy endpoints to Durable Objects.
// This keeps the main Worker on a low-CPU path while allowing heavy work to complete.
if (heavyDoEnabled(env)) {
if (env.HEAVY_DO) {
// Import: route to Rust Durable Object (HeavyDo) to reuse the existing Rust import logic.
if (request.method === "POST" && url.pathname === "/api/ciphers/import") {
if (!env.HEAVY_DO) {
console.error("HEAVY_DO binding not configured");
return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), {
status: 500,
headers: { "Content-Type": "application/json" },
});
}
// Shard by user id (JWT sub) WITHOUT verifying signature here (cheap).
const token = getBearerToken(request);
const sub = token ? decodeJwtPayloadUnsafe(token)?.sub : null;
@ -148,13 +117,6 @@ export default {
// Auth/password verification: run inside Rust DO (higher CPU budget).
if (isAuthDoPath(url.pathname)) {
if (!env.HEAVY_DO) {
return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), {
status: 500,
headers: { "Content-Type": "application/json" },
});
}
let name = "auth:default";
if (url.pathname === "/identity/connect/token") {

View file

@ -43,10 +43,6 @@ html_handling = "auto-trailing-slash"
run_worker_first = ["/api/*", "/identity/*"]
[vars]
# Enable offloading CPU-heavy endpoints (login PBKDF2 + import JSON parse) to Durable Objects.
# Defaults to disabled.
HEAVY_DO_ENABLED = "1"
# Server-side password hashing PBKDF2 iterations (stored per-user).
# Defaults to 600000, and will be clamped to a minimum of 600000 even if set lower.
# Existing users created before this change are assumed to be at 100000 and will be upgraded on login.
@ -96,9 +92,6 @@ keep_vars = true
workers_dev = false
preview_urls = false
[env.dev.vars]
HEAVY_DO_ENABLED = "1"
[env.dev.durable_objects]
bindings = [
{ name = "HEAVY_DO", class_name = "HeavyDo" }