Multi-project authentication service with OAuth support, built on Cloudflare Workers with D1 database.

evilUrge/cloudflare-auth

Cloudflare Auth Service

Cloudflare Workers · Hono · TypeScript · Drizzle ORM · React · Tailwind CSS

Secure, scalable, and developer-friendly authentication for the modern web.
Deploy in seconds to the Edge with Cloudflare Workers and D1.

📚 Read the Documentation


🚀 Why Cloudflare Auth?

  • Global Scale: Runs on Cloudflare's global edge network for low-latency authentication anywhere.
  • Cost Effective: Leverages Cloudflare Workers and D1's generous free tiers.
  • Data Ownership: You own your user data. No vendor lock-in.
  • Developer First: Built with modern tools (Hono, Drizzle, React) for a great DX.

✨ Features

  • 🏢 Multi-Project Support: Isolated user tables for each of your projects.
  • 🔐 JWT Authentication: Secure, per-project JWT secrets with configurable expiry.
  • 🌐 OAuth Integration: Drop-in support for Google, GitHub, Microsoft, Apple, and custom providers.
  • 🛡️ Admin Interface: A beautiful, separate admin UI for managing your projects and users.
  • 🌓 Theme Support: Dark/Light mode support in Admin UI.
  • 🚦 Rate Limiting: Built-in, configurable rate limits to protect your API.
  • 📜 Audit Logging: Comprehensive logging of all security events for compliance.
  • 📧 Email Integration: First-class support for major providers, managed via UI:
    • SendGrid
    • Mailgun
    • Postmark
    • Resend
    • SMTP

🛡️ Security Best Practices

Traffic Filtering

To keep your authentication service secure and performant, we strongly recommend configuring a Cloudflare Custom Rule (WAF) to filter out unwanted traffic. This ensures that only legitimate API calls and Admin UI access reach your Worker, saving costs and reducing the attack surface.

Recommended WAF Expression:

(http.request.full_uri wildcard r"https://auth.yourdomain.com/*" and not starts_with(http.request.uri.path, "/admin") and not starts_with(http.request.uri.path, "/api"))

Replace auth.yourdomain.com with your actual authentication domain.

With the rule action set to Block, this rule blocks requests to your authentication domain that do not target the /admin interface or the /api endpoints, preventing bots and scanners from probing unrelated paths.
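
To check which requests the expression above actually matches, the following added example (not part of the project's code) models it in TypeScript and runs it over constructed URIs. The names wildcardToRegExp, pathOf, ruleMatches and evaluate, and the sample paths, are illustrative; the matching semantics stated in the first comment are assumptions of the model.

```typescript
// Local model of the recommended Custom Rule, for checking its coverage.
// Not Cloudflare's rule engine. Assumed semantics: `wildcard` matches the
// whole field case-insensitively, `starts_with` is a case-sensitive prefix
// test, and http.request.uri.path excludes the query string.
const HOST = "auth.yourdomain.com"; // placeholder host from the README
const ALLOWED_PREFIXES: string[] = ["/admin", "/api"];

// Turn a wildcard pattern ("*" = any run of characters) into an anchored regex.
function wildcardToRegExp(pattern: string): RegExp {
  const body = pattern
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + body + "$", "i");
}

// Path of an absolute URI: what follows the authority, up to "?" or "#".
function pathOf(fullUri: string): string {
  const m = /^[a-z][a-z0-9+.-]*:\/\/[^\/?#]*([^?#]*)/i.exec(fullUri);
  const path = m === null ? "" : (m[1] || "");
  return path === "" ? "/" : path;
}

// True when the expression matches, i.e. a Block action would fire.
function ruleMatches(fullUri: string): boolean {
  const onAuthHost = wildcardToRegExp("https://" + HOST + "/*").test(fullUri);
  const path = pathOf(fullUri);
  const allowed = ALLOWED_PREFIXES.some((p) => path.indexOf(p) === 0);
  return onAuthHost && !allowed;
}

// Constructed sample requests, including edge cases worth knowing about.
const SAMPLES: string[] = [
  "https://auth.yourdomain.com/api/v1/login",  // intended API traffic
  "https://auth.yourdomain.com/admin/",        // intended Admin UI traffic
  "https://auth.yourdomain.com/wp-login.php",  // scanner noise
  "https://auth.yourdomain.com/x?next=/api",   // query string is not the path
  "https://auth.yourdomain.com/API/v1/login",  // prefix test is case-sensitive
  "https://auth.yourdomain.com/administrator", // plain prefix also covers this
  "http://auth.yourdomain.com/wp-login.php",   // pattern names https:// only
];

// Decision per sample URI: "block" if the rule matches, otherwise "pass".
function evaluate(uris: string[]): string[] {
  return uris.map((u) => (ruleMatches(u) ? "block" : "pass") + "  " + u);
}
```

The last two samples pass the rule: it does not cover plain-HTTP requests, and the prefix test treats any path beginning with /admin or /api as allowed, so the Worker's own routing still has to reject those.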

🛠️ Prerequisites

🤖 AI-Powered Integration

Want to integrate this auth service into your app using AI? Check out our LLM Integration Prompt. Simply copy-paste it into Cursor, Copilot, or ChatGPT to generate a full auth client for your specific tech stack.

⚡️ Setup & Deployment

1. Install Dependencies

npm install
cd admin && npm install && cd ..

2. Configure Environment

Copy the example environment file:

cp .dev.vars.example .dev.vars

Edit .dev.vars and fill in your values:

  • Admin Secrets: Generate secure random strings for session and encryption keys.

Note: Email configuration is managed directly in the Admin Interface under "Settings" -> "Email Providers".

3. Database Setup

Create a D1 database in your Cloudflare account:

wrangler d1 create auth-db

Update wrangler.toml with the database_id from the output.

Apply migrations:

# For local development
npm run db:migrate:local

# For production
npm run db:migrate

4. Admin UI Build

Build the admin interface:

cd admin
npm run build
cd ..

5. Deployment

Deploy to Cloudflare Workers:

npm run deploy

💻 Development

Start the local development server:

npm run dev

The service will be available at http://localhost:8787.


🌟 Show your support

Give a ⭐️ if this project helped you!

Found a bug? Open an issue.
