chore: remove HEAVY_DO_ENABLED environment variable
This commit is contained in:
parent
034e6284a2
commit
eaa2f3b652
3 changed files with 3 additions and 51 deletions
|
|
@ -149,7 +149,7 @@ To keep the main Worker fast while still supporting these operations, Warden can
|
|||
|
||||
**How to enable/disable**
|
||||
|
||||
It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and adding the `HEAVY_DO` binding in `wrangler.toml`.
|
||||
Whether CPU-heavy endpoints are offloaded is determined by whether the `HEAVY_DO` Durable Object binding is configured in `wrangler.toml`.
|
||||
|
||||
> [!NOTE]
|
||||
> Durable Objects can incur two types of billing: compute and storage. Storage is not used in this project, and the free plan allows 100,000 requests and 13,000 GB-s duration per day, which should be more than enough for most users. See [Cloudflare Durable Objects pricing](https://developers.cloudflare.com/durable-objects/platform/pricing/) for details.
|
||||
|
|
@ -159,9 +159,6 @@ It's disabled by default. You can enable it by setting `HEAVY_DO_ENABLED=1` and
|
|||
|
||||
Configure environment variables in `wrangler.toml` under `[vars]`, or set them via Cloudflare Dashboard:
|
||||
|
||||
* **`HEAVY_DO_ENABLED`** (Optional, Default: `0`):
|
||||
- Enable routing CPU-heavy endpoints to Durable Object (`HEAVY_DO`).
|
||||
- Recommended on Free plan if you hit CPU time limits on import/login.
|
||||
* **`PASSWORD_ITERATIONS`** (Optional, Default: `600000`):
|
||||
- PBKDF2 iterations for server-side password hashing.
|
||||
- Minimum is 600000.
|
||||
|
|
|
|||
42
src/entry.js
42
src/entry.js
|
|
@ -10,7 +10,7 @@
|
|||
* the Rust/WASM layer with axum body conversion.
|
||||
*
|
||||
* Additionally, this wrapper can optionally offload CPU-heavy endpoints to a Rust Durable Object
|
||||
* (higher CPU budget) by enabling `HEAVY_DO_ENABLED=1` and binding `HEAVY_DO` in `wrangler.toml`.
|
||||
* (higher CPU budget) by binding `HEAVY_DO` in `wrangler.toml`.
|
||||
* This is used for operations like imports and password verification paths, keeping the main
|
||||
* Worker on a low-CPU fast path for typical requests.
|
||||
*
|
||||
|
|
@ -20,16 +20,6 @@
|
|||
import RustWorker from "../build/index.js";
|
||||
import { base64UrlDecode, handleAzureUpload, handleDownload } from "./attachments.js";
|
||||
|
||||
function isTruthy(value) {
|
||||
if (value == null) return false;
|
||||
const s = value.toString().trim().toLowerCase();
|
||||
return s === "1" || s === "true" || s === "yes" || s === "on";
|
||||
}
|
||||
|
||||
function heavyDoEnabled(env) {
|
||||
return isTruthy(getEnvVar(env, "HEAVY_DO_ENABLED", "0"));
|
||||
}
|
||||
|
||||
function getBearerToken(request) {
|
||||
const auth = request.headers.get("Authorization") || request.headers.get("authorization");
|
||||
if (!auth) return null;
|
||||
|
|
@ -106,19 +96,6 @@ function parseDownloadPath(path) {
|
|||
return null;
|
||||
}
|
||||
|
||||
// Helper to get env var with fallback
|
||||
function getEnvVar(env, name, defaultValue = null) {
|
||||
try {
|
||||
const value = env[name];
|
||||
if (value && typeof value.toString === "function") {
|
||||
return value.toString();
|
||||
}
|
||||
return value || defaultValue;
|
||||
} catch {
|
||||
return defaultValue;
|
||||
}
|
||||
}
|
||||
|
||||
// Main fetch handler
|
||||
export default {
|
||||
async fetch(request, env, ctx) {
|
||||
|
|
@ -126,17 +103,9 @@ export default {
|
|||
|
||||
// Optional: route selected CPU-heavy endpoints to Durable Objects.
|
||||
// This keeps the main Worker on a low-CPU path while allowing heavy work to complete.
|
||||
if (heavyDoEnabled(env)) {
|
||||
if (env.HEAVY_DO) {
|
||||
// Import: route to Rust Durable Object (HeavyDo) to reuse the existing Rust import logic.
|
||||
if (request.method === "POST" && url.pathname === "/api/ciphers/import") {
|
||||
if (!env.HEAVY_DO) {
|
||||
console.error("HEAVY_DO binding not configured");
|
||||
return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), {
|
||||
status: 500,
|
||||
headers: { "Content-Type": "application/json" },
|
||||
});
|
||||
}
|
||||
|
||||
// Shard by user id (JWT sub) WITHOUT verifying signature here (cheap).
|
||||
const token = getBearerToken(request);
|
||||
const sub = token ? decodeJwtPayloadUnsafe(token)?.sub : null;
|
||||
|
|
@ -148,13 +117,6 @@ export default {
|
|||
|
||||
// Auth/password verification: run inside Rust DO (higher CPU budget).
|
||||
if (isAuthDoPath(url.pathname)) {
|
||||
if (!env.HEAVY_DO) {
|
||||
return new Response(JSON.stringify({ error: "HEAVY_DO binding not configured" }), {
|
||||
status: 500,
|
||||
headers: { "Content-Type": "application/json" },
|
||||
});
|
||||
}
|
||||
|
||||
let name = "auth:default";
|
||||
|
||||
if (url.pathname === "/identity/connect/token") {
|
||||
|
|
|
|||
|
|
@ -43,10 +43,6 @@ html_handling = "auto-trailing-slash"
|
|||
run_worker_first = ["/api/*", "/identity/*"]
|
||||
|
||||
[vars]
|
||||
# Enable offloading CPU-heavy endpoints (login PBKDF2 + import JSON parse) to Durable Objects.
|
||||
# Defaults to disabled.
|
||||
HEAVY_DO_ENABLED = "1"
|
||||
|
||||
# Server-side password hashing PBKDF2 iterations (stored per-user).
|
||||
# Defaults to 600000, and will be clamped to a minimum of 600000 even if set lower.
|
||||
# Existing users created before this change are assumed to be at 100000 and will be upgraded on login.
|
||||
|
|
@ -96,9 +92,6 @@ keep_vars = true
|
|||
workers_dev = false
|
||||
preview_urls = false
|
||||
|
||||
[env.dev.vars]
|
||||
HEAVY_DO_ENABLED = "1"
|
||||
|
||||
[env.dev.durable_objects]
|
||||
bindings = [
|
||||
{ name = "HEAVY_DO", class_name = "HeavyDo" }
|
||||
|
|
|
|||
Loading…
Reference in a new issue