cloudflare / production-saas Goto Github PK

Build a JSON API that, on its own, is a feature-complete SaaS application.

Products

• Workers
• Workers KV
• Cloudflare for SaaS (vanity domains)
• Rate Limiting

Integrations

• Stripe – (test mode) payments
• SendGrid – transactional emails
• Sentry – Error reporting

• Automatic Worker(s) deployments on main branch
• Complete testing on every PR and all branches
• Port all Secrets and ENV into new repo

Complete coverage via:
- unit
- endpoints
- mock 3rd party
- mock cloudflare for saas

Relies on #7

Must finish my validation library* to standardize a way to declare models' validation rules and automate request body validation+errors.

* May or may not be a part of the worktop suite.

Will include a build-time plugin that automatically converts the validation rules/logic into JS function(s) for most efficient runtime code.

Hey, this is incredible idea, as I've been thinking myself how great workers can be for a CMS, and how much easier it would be to maintain than all the other CMS's out there. Curious of the status here? Is development continuing or has this project been abandoned? Thanks.

Headless CMS -> "headful" / monolithic CMS

• Render articles as HTML via Worker
• Respect private/public document access
• Allow users to select from (premade) themes list

Schemas belong to a Space and are a metered unit for a subscription.

Schemas are Document archetypes, ensuring all its Document children are valid and conform to the definition.

TODO

Define a system for the fields property that allows a customer to easily piece together input types with configurable validation logic. Might require a new Field model, but definitely requires some object-like representation that can live within KV. Requires #9 runtime

TBD – ongoing list of new features and/or products to integrate into the application.

Current ideas:

• R2 for media / document assets

• Cloudflare Images integration

• Durable Objects

  • Custom Rate Limiting
  • Collaborative, real-time document editor

• Services Integration
  Article Renderer (Phase 3) making calls to JSON API (Phase 1)

• Integrate and migrate API code to Pages w/ Functions setup
• Attach dashboard SPA for performing / managing all API capabilities

Send transaction emails to the "customer" for all account-related events:

• welcome
• email changed
• password changed
• password reset link

Admin tasks:

• Ensure SendGrid sender is up-to-date w/ demo domain
• Automatic SendGrid account setup (future/maybe?)

Dispatch calls to the Stripe API for full customer and billing needs.

Note: The API calls will be real, but we'll always be using "test mode" Stripe tokens

• Map User model changes to Stripe.Customer updates.
• Map Space, Document, Schema, and Member limits to Stripe.Subscription updates

@lukeed,

Cool project! I followed your svelte-worker-ssr demo a while back and some other Svelte stuff before. Super cool you joined Cloudflare and congrats. Rooting for your success here.

I think for this to truly take off, regardless of how awesome you make this code-wise, it needs clear documentation that targets absolute beginners. I think the pros will go elsewhere (for short term at least).

I am flagging this now because I think docs should be rolled out alongside the features you’re adding. And I think the features should start easiest first.

For example, I just want a dead-simple, suggested, and very opinionated solution that someone smarter than me has designed that’s easy to get started on.

So let’s say I want a static website and I want to host on Cloudflare Pages. This isn’t very exciting or groundbreaking. I could use a million tools to generate this.

Now, let’s add just one dynamic route. What if I want to go all-in with Workers? Well, kind of SOL from a getting starting stand point. It’s just one dynamic route, but now I’m using other community frameworks, third party adaptors that might break, the HTML rewriter in a messy file setup I threw together and all sorts of tools to use but not just an easy “here’s a super simple Cloudflare way of project where to put backend logic that meets your front end template”.

The PHP framework Larval comes to mind for something to draw inspiration from. It’s something that goes out of the way for their noobiest customer can pick up and do just basic routing to full blown crazy web apps. In fact, setup is just like 2 routes I think until you add on.

Check out their documentation and getting started process (yes, php); https://laravel.com/docs.

They have clean and easy explainers for everything. The code is painfully simple. This is a route code sample. This is a dynamic route code sample. This is a 404 route code sample. This is authenticated route code sample. This is POST example with formData. Etc…

It’s not “production-sass” demo that I think Worker audience needs and instead is a “Cloudflare-official-worker-app-starter”. Hopefully you see my point I am trying to make.

Just my annoying thoughts on direction you all are going. Congrats again. You’re a legend and excited to see your work!

Many of the project's dependencies are outdated, they should be bumped to the latest versions where possible. At a later stage, we have to see whether dependencies have been abandoned and need to be replaced

Full SaaS application running on Cloudflare is great. But are there any plans to build a CMS that commits to git to keep the content in the repo only and build with the CI/CD on Cloudflare?

Also if the website content is stored in the KV and a static JAMSTACK site is built, direct way to access KV from the API in the build phase, and CMS can direct save in KV would be great.

@lukeed Why not use thunderclap(A database on top of Workers KV) for this project.

https://github.com/anywhichway/thunderclap

During inspection and testing of several components, I found many holes and bad practices.

If I have time, I will list them all, but the most important one (and the one that really bugs me) is the fact that you create a JWT token containing ALL the information about the user.

This includes his password, salt... everything. Go to: https://www.javainuse.com/decodeJWT and decode the token you obtain when logging in:

{
	"uid": "...",
	"firstname": "...",
	"lastname": "...",
	"created_at": 1661322119,
	"last_updated": null,
	"password": "d5e838175810db5b0a65a8fad510c701cba81f5cdd0b683a445383301bc37499950e2856a2c39ede8545dd2dac2213bf9166db34c66ade91476c49d51a12d27f",
	"salt": "D7uxWw3hCSMibL20OaRW0agKwZrxcaJ0FyWvHfhq6Pe6TuzugTPMlsscWaqNaPm6JsPGYRxdUraqDg9D-1cM-eKwDHnyeSK8tUouL_S1nzJC8febBOartzJVWlUOoS0I",
	"iat": 1661324521,
	"exp": "166132452186400"
}

I'm not even sure where iat is coming from since it's not in the User object... I guess from worktop/jwt. Anyway, I suggest changing this to a more standard format like: https://www.javainuse.com/jwtgenerator

{
    "Issuer": "Issuer",
    "Issued At": "2022-08-24T06:56:07.654Z",
    "Expiration": "2022-08-24T06:56:07.654Z",
    "Username": "JavaInUse",
    "Role": "Admin"
}

Not sure if any of this matters since this looks like an abandoned project... but anyway, do not use it in production just yet.

Will be required before Durable Object usage (P3)

Requires Cache.reply and non-global context.bindings usage.

Strapi.io for admin CMS
Tina.io for frontend website

can lure nodejs/nextjs developers into this project

just like how appwrite.io perfectly fits on firebase
if strapi can perfectly fit on cloudflare...
what more do we need?

A readme with background information, some explanation and a getting started page

Migrate to miniflare@2 (currently in rc) for:

• local development
• unit testing
• e2e testing

I wanted to see if you were looking for contributors/maintainers to help support the project? I know Cloudflare's org has a blanket CONTRIBUTING doc, but I wasn't sure if it aligns with what your goal is for the project @lukeed.

Offer this as an add-on product within the SaaS.

Owners of a Space can "buy" a vanity domain for their space, which then affects their Stripe subscription (#10)