This guide explains how to configure Cloudflare Zero Trust authentication for the multiplayer game.
- A Cloudflare account with Zero Trust enabled
- A domain managed by Cloudflare
- Node.js application deployed and accessible
- Log into the Cloudflare dashboard
- Go to Zero Trust > Access > Applications
- Click "Add an application"
- Choose "Self-hosted" application type
- Configure the application:
  - Application name: Patland Game
  - Subdomain: patland (or your preferred subdomain)
  - Domain: your-domain.com
  - Path: Leave empty for entire application
- In the application settings, go to "Authentication"
- Add your preferred identity providers:
  - Google Workspace
  - Microsoft Azure AD
  - GitHub
  - Or any other supported provider
- Go to "Policies" tab in your application
- Create a policy to allow access:
  - Policy name: Allow Game Access
  - Action: Allow
  - Rules: Configure based on your requirements (e.g., specific email domains, groups, etc.)
- In your application settings, note down:
  - Application Audience (AUD): Found in the application overview
  - Team domain: your-team-name.cloudflareaccess.com
Update your .env file with the Cloudflare configuration:

```
# Cloudflare Zero Trust Configuration
CLOUDFLARE_TEAM_DOMAIN=your-team-name.cloudflareaccess.com
CLOUDFLARE_POLICY_AUD=your-application-aud-from-cloudflare
CLOUDFLARE_CERTS_URL=https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs
# Database Configuration
DATABASE_TYPE=json
DATABASE_PATH=./data/players.json
# JWT Secret for session management
JWT_SECRET=your-secure-random-jwt-secret
# Server Configuration
PORT=80
```

- ✅ Cloudflare Zero Trust JWT verification
- ✅ Automatic user authentication on page load
- ✅ Socket.io connection authentication
- ✅ User identity management (email, name, unique ID)
- ✅ Player inventory persistence across sessions
- ✅ Player position saving and restoration
- ✅ Skill progression tracking
- ✅ Automatic save on inventory changes
- ✅ Automatic save on player movement
- ✅ JSON file-based storage (easily replaceable with database)
- ✅ Seamless authentication without disrupting gameplay
- ✅ User display in game interface
- ✅ Authenticated user name in game
- ✅ Secure player data management
- User Access: When a user visits the game URL, Cloudflare Zero Trust intercepts the request
- Authentication: User is redirected to configured identity provider if not authenticated
- JWT Generation: Cloudflare generates a JWT token containing user information
- Game Access: Authenticated users access the game with JWT in headers
- Server Verification: Game server verifies JWT against Cloudflare's public keys
- Player Creation/Loading: Server creates new player or loads existing player data from database
- Persistent Storage: All game progress (inventory, position, skills) is automatically saved
For development/testing without Cloudflare Zero Trust:
- Set environment variables to dummy values
- The authentication middleware will need to be bypassed or mocked
- Consider creating a development mode that skips authentication
The current implementation uses JSON file storage. To migrate to a proper database:
- Implement new database adapter in app/database.js
- Update the Database class methods to use your preferred database (MongoDB, PostgreSQL, etc.)
- No changes needed in other parts of the application
- JWT tokens are verified against Cloudflare's public keys
- User sessions are managed securely
- Player data is isolated by authenticated user ID
- All database operations are tied to authenticated users
- Authentication Failed: Check Cloudflare application configuration and environment variables
- Database Errors: Ensure data/ directory exists and is writable
- Connection Issues: Verify JWT token is being passed correctly in socket connection
- Server console for authentication errors
- Browser console for client-side authentication issues
- Cloudflare Access logs for policy violations