feat(amsg): 单用户 Cloudflare Worker 模式(server 单用户 + client serverToken)#14
Conversation
单用户跑在 CF Worker 上:schedule 存 D1,cron 用 CF Cron Trigger。 只替换 tenant-context 层,复用现有 handler / 加密 / 消息处理。 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- 砍掉 HTTP send-notifications 兜底,定时只走 CF scheduled(),堵住免验触发(P1) - init 单独写建表路由,不复用会校验 driver/databaseUrl 的旧 handler(P2) - serverToken 只加到 amsg-server 端点,不碰 instant 路径,避免和 instantClientToken 撞头(P2) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request introduces a single-user mode for @rei-standard/amsg-server to run on a Cloudflare Worker using D1 and Cron Triggers, alongside client-side support for a shared serverToken. The feedback highlights critical security and robustness improvements: addressing potential SQL injection risks in the D1 adapter's update methods by whitelisting allowed columns, normalizing pathnames in the Worker's router to prevent trailing slash mismatches, and adding a default parameter to createWebCryptoWebPush to avoid runtime crashes when called without arguments.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
概述
让
@rei-standard/amsg-server能以「单用户」模式跑在一个 Cloudflare Worker 上:定时消息存 D1,定时投递用 CF Cron Trigger,绕过多租户注册表 / Blob / tenant token。@rei-standard/amsg-client同步加一个可选serverToken。改后是这样:只替换 tenant-context 一层,5 个业务 handler(schedule / messages / update / cancel / user-key)一行不改直接复用;定时批处理内核抽成共享纯函数,HTTP handler 与 CF cron 共用。
主要内容
createD1Adapter实现现有DbAdapter全部 13 方法(时间戳归一化、uuid 唯一冲突→409)createSingleUserContextManager(接口同构,可选共享密钥)、单用户建表路由、createSingleUserServer组装createSingleUserCloudflareWorker→{ fetch, scheduled };fetch 路由 6 个端点(无 HTTP send-notifications),scheduled 跑定时投递;入口带错误边界返回 JSON 500runScheduledTick纯函数,多租户 send-notifications handler 改为委托(行为逐字保持)web-pushnpm 在 Worker 上跑不了),createWebCryptoWebPush适配serverToken经X-Client-Token校验,全端点鉴权回归守卫serverToken,给 5 个 amsg-server 端点带X-Client-Token;instant 路径不受影响server/examples/cloudflare-single-user/(worker + wrangler + schema.sql + README)测试
发布
已带 changeset(
@rei-standard/amsg-server与@rei-standard/amsg-client各一条 minor)。🤖 Generated with Claude Code