add backend & full support for cloudflare workers

2026-03-03 15:22:40 +08:00
parent 8dada7f9e3
commit da0a5e29cc
16 changed files with 12978 additions and 421 deletions
--- a/backend/README.md
+++ b/backend/README.md
@@ -0,0 +1,67 @@
+# backend (Cloudflare Workers demo)
+
+This demo shows how to run the Wisp proxy path (`/wisp/`) on Cloudflare Workers by combining:
+
+- Wisp protocol handling from `@mercuryworkshop/wisp-js`
+- Outbound TCP from `cloudflare:sockets`
+
+It is a minimal proof-of-concept based on:
+
+- `../../AssppWeb/backend/src/services/wsProxy.ts`
+- `../wisp-js`
+
+The Worker also serves static files from `../frontend/dist` via Wrangler `assets`.
+
+## What this demo supports
+
+- `GET /healthz` health check
+- `WS /wisp/` Wisp v2 server path
+- Apple host allowlist + port `443` only
+- Optional token auth (`?token=...`)
+
+## What this demo does not support
+
+- UDP streams (disabled)
+- Legacy wsproxy path (for example `/wisp/example.com:443`)
+- Asspp backend HTTP APIs (`/api/*`)
+
+## Setup
+
+```bash
+cd backend
+bun install
+bun run types
+bun run check
+```
+
+`bun run check` will build frontend first, then run Worker dry-run deploy.
+
+## Local dev
+
+```bash
+cd backend
+bun run dev
+```
+
+Default local URL: `http://127.0.0.1:8787`
+
+## Deploy
+
+```bash
+cd backend
+bun run deploy
+```
+
+## Optional auth
+
+Set one of these as Worker secrets:
+
+1. `ACCESS_TOKEN_HASH` (preferred): expected token value directly
+2. `ACCESS_PASSWORD`: plaintext password, Worker computes SHA-256 hex and compares with `?token=`
+
+```bash
+cd backend
+bunx wrangler secret put ACCESS_TOKEN_HASH
+# or
+bunx wrangler secret put ACCESS_PASSWORD
+```