# workers-discussions
  • s

    sirhype

    03/28/2023, 9:43 AM
    I'll check it out, thank you!
  • y

    Yacine Hmito

    03/28/2023, 11:38 AM
    Thank you very much. In our context, we don't intend to let users publish their own code. It's internal stuff. We still want to have that layer of security though. I don't really want the engineers in team A to bind to a worker managed by team B without team B explicitly allowing it.
  • h

    HardAtWork

    03/28/2023, 11:40 AM
    Ok, so this might be a little bit hacky, but if you use a system like GH Actions, and have it output the bindings, then someone has to approve the bindings before it is deployed?
  • s

    Skye

    03/28/2023, 11:42 AM
    Yeah there's nothing native that would let you do that, you'd need your own deploy workflow
  • y

    Yacine Hmito

    03/28/2023, 11:43 AM
    That's a great idea.
  • y

    Yacine Hmito

    03/28/2023, 11:43 AM
    Still looking for something like a runtime check.
  • h

    HardAtWork

    03/28/2023, 11:46 AM
    The issue there is that CF has no concept of script ownership. Scripts are owned by the account, so there isn't any way to test/enforce a team having access to only specific bindings
  • y

    Yacine Hmito

    03/28/2023, 11:49 AM
    The use case is a bit more complex than this actually. We have multiple services on Cloudflare Workers and want service-to-service communication. So far we're doing this with service bindings and it works well. The problem is scaling this up with environments. Which environment to use for which requests depends on the customer being served. That's a somewhat complex logic that we are offloading to a single service called "the Dispatcher". So now, instead of having service A binding to service B, we would have service A binding to the Dispatcher and the Dispatcher binding to the many environments of service B. When service A wants to call service B, it does a `fetch` to the Dispatcher with a URL that locates service B. It's up to the Dispatcher to route it to the appropriate environment. Now, I want to secure this by ensuring that every service is only callable from the Dispatcher. There are two layers of control:
    - Statically: Ensuring that an arbitrary binding cannot be set on a worker. For this you provided some good answers.
    - Dynamically: Validating that the request indeed comes from the Dispatcher. Short of signing the whole request, I don't know how to do this.
  • h

    HardAtWork

    03/28/2023, 11:49 AM
    So the best you can do is ensure every script runs through a single deployment pipeline, and then have that pipeline enforce the restrictions
  • y

    Yacine Hmito

    03/28/2023, 11:49 AM
    So, I am not really looking for a builtin way to do this, but wondering if anybody has experience in doing service-to-service authentication.
  • y

    Yacine Hmito

    03/28/2023, 11:50 AM
    That's exactly the plan. People can still set a binding manually through the web interface though. I'd have to lock that down (probably not a bad idea in and of itself though).
  • h

    HardAtWork

    03/28/2023, 11:50 AM
    You could just have a header that enforces the id of the sender
  • y

    Yacine Hmito

    03/28/2023, 11:51 AM
    Any service would have knowledge of the ID though.
  • y

    Yacine Hmito

    03/28/2023, 11:51 AM
    I know it might sound paranoid. 😅
  • y

    Yacine Hmito

    03/28/2023, 11:52 AM
    There's no perfect way to do it for sure. I think I am just missing some policy enforcement on Cloudflare proper and need to make my peace with this.
  • y

    Yacine Hmito

    03/28/2023, 11:53 AM
    Thank you very much for the ideas though.
  • k

    Klowner

    03/28/2023, 5:25 PM
    Anyone know where I might find an example of using bound service workers with jest-environment-miniflare? I'm assuming it has something to do with mounts but I'm a bit lost.
  • k

    Klowner

    03/28/2023, 5:31 PM
    assuming it's even possible 🤔
  • k

    Klowner

    03/28/2023, 5:52 PM
    ah, miniflare apparently doesn't support nested mounts anyway, guess I'll just mock it out
  • a

    avi

    03/28/2023, 8:21 PM
    do typescript sourcemaps not work for workers in `debug` mode?
  • b

    BBM

    03/28/2023, 8:39 PM
    Is it possible to connect to MongoDB directly (not through app services on Atlas) from a Worker? It didn't even occur to me that it might not be possible before I started going down this path
  • k

    kian

    03/28/2023, 8:41 PM
    Workers only talk HTTP and WebSockets, so you always need an HTTP proxy in front
  • a

    avi

    03/28/2023, 11:19 PM
    hey, i think i found a bug in miniflare...
    ```js
    // Minimal class used to reproduce the issue: a timer started in the
    // constructor that prints the current time once a second.
    export class Counter {
      constructor() {
        setInterval(() => console.log(Date.now()), 1000);
      }

      async fetch() {
        return new Response('Hello, world!');
      }
    }
    ```
  • a

    avi

    03/28/2023, 11:20 PM
    `wrangler dev --local --persist counter.js`
    --> every second, the current time is printed
    `wrangler dev --experimental-local --persist counter.js`
    --> every second, the time printed NEVER CHANGES
  • a

    avi

    03/28/2023, 11:20 PM
    is this a known limitation?
  • k

    kian

    03/28/2023, 11:20 PM
    Date.now() is Spectre-safe in real Workers
  • k

    kian

    03/28/2023, 11:21 PM
    If you’re not doing I/O, it doesn’t update
  • a

    avi

    03/28/2023, 11:21 PM
    😮
  • a

    avi

    03/28/2023, 11:21 PM
    is there some documentation on that? or tips on how to work around?