Skip to content

feat(amsg): 单用户 Cloudflare Worker 模式(server 单用户 + client serverToken)#14

Merged
Tosd0 merged 22 commits into
mainfrom
feat/amsg-single-user-cloudflare
Jul 1, 2026
Merged

feat(amsg): 单用户 Cloudflare Worker 模式(server 单用户 + client serverToken)#14
Tosd0 merged 22 commits into
mainfrom
feat/amsg-single-user-cloudflare

Conversation

@Tosd0

@Tosd0 Tosd0 commented Jul 1, 2026

Copy link
Copy Markdown
Owner

概述

@rei-standard/amsg-server 能以「单用户」模式跑在一个 Cloudflare Worker 上:定时消息存 D1,定时投递用 CF Cron Trigger,绕过多租户注册表 / Blob / tenant token。@rei-standard/amsg-client 同步加一个可选 serverToken

改后是这样:只替换 tenant-context 一层,5 个业务 handler(schedule / messages / update / cancel / user-key)一行不改直接复用;定时批处理内核抽成共享纯函数,HTTP handler 与 CF cron 共用。

主要内容

分类 内容
D1 存储 SQLite 方言 schema 常量;createD1Adapter 实现现有 DbAdapter 全部 13 方法(时间戳归一化、uuid 唯一冲突→409)
单用户接线 createSingleUserContextManager(接口同构,可选共享密钥)、单用户建表路由、createSingleUserServer 组装
CF Worker createSingleUserCloudflareWorker{ fetch, scheduled };fetch 路由 6 个端点(无 HTTP send-notifications),scheduled 跑定时投递;入口带错误边界返回 JSON 500
定时批处理 抽出 runScheduledTick 纯函数,多租户 send-notifications handler 改为委托(行为逐字保持)
Web Push 移植 instant 的纯 Web Crypto 实现(web-push npm 在 Worker 上跑不了),createWebCryptoWebPush 适配
安全 可移植 constant-time 比较(Node + Worker 通用);可选 serverTokenX-Client-Token 校验,全端点鉴权回归守卫
client 可选 serverToken,给 5 个 amsg-server 端点带 X-Client-Token;instant 路径不受影响
示例 server/examples/cloudflare-single-user/(worker + wrangler + schema.sql + README)

测试

  • 全 TDD,逐任务 spec + 代码质量双审,另加最终集成审查
  • 全仓库测试:server 114 / client 66 / instant 187 / shared 49 / sw 56,0 fail
  • 全量构建通过;含单用户端到端全链路(schedule→list→cancel、scheduled tick)与全端点鉴权守卫

发布

已带 changeset(@rei-standard/amsg-server@rei-standard/amsg-client 各一条 minor)。

🤖 Generated with Claude Code

Tosd0 and others added 18 commits July 1, 2026 13:52
单用户跑在 CF Worker 上:schedule 存 D1,cron 用 CF Cron Trigger。
只替换 tenant-context 层,复用现有 handler / 加密 / 消息处理。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- 砍掉 HTTP send-notifications 兜底,定时只走 CF scheduled(),堵住免验触发(P1)
- init 单独写建表路由,不复用会校验 driver/databaseUrl 的旧 handler(P2)
- serverToken 只加到 amsg-server 端点,不碰 instant 路径,避免和 instantClientToken 撞头(P2)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a single-user mode for @rei-standard/amsg-server to run on a Cloudflare Worker using D1 and Cron Triggers, alongside client-side support for a shared serverToken. The feedback highlights critical security and robustness improvements: addressing potential SQL injection risks in the D1 adapter's update methods by whitelisting allowed columns, normalizing pathnames in the Worker's router to prevent trailing slash mismatches, and adding a default parameter to createWebCryptoWebPush to avoid runtime crashes when called without arguments.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread packages/rei-standard-amsg/server/src/server/adapters/d1.js
Comment thread packages/rei-standard-amsg/server/src/server/adapters/d1.js
Comment thread packages/rei-standard-amsg/server/src/server/cloudflare/single-user-worker.js Outdated
@Tosd0 Tosd0 merged commit fdc6bf2 into main Jul 1, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant