
Show HN: Serverless doc writing app built using Cloudflare Workers and KV Store - Sandeepg33k
https://telex.blog
======
guessmyname
Nice, but I’m disappointed a website behind CloudFlare [1] allows XSS [2]

[1] [https://www.cloudflare.com/waf/](https://www.cloudflare.com/waf/)

[2] [https://telex.blog/p/0yg14u6j](https://telex.blog/p/0yg14u6j)

~~~
Sandeepg33k
Update: Has been fixed now.

~~~
Wheaties466
Still able to XSS with link 2.

~~~
Sandeepg33k
That must be an old link. I have left them untouched.

~~~
Sandeepg33k
The old links have been fixed now. :)

------
SimplyUseless
Well done!

I hear a lot of complaints about serverless for performance and cost but I
think this is exactly what Serverless is meant to do - Reduce upfront cost for
low traffic and remove the barrier of managing infrastructure.

Many apps welcome the benefits despite the tradeoffs.

------
stevelacy
Amazingly quick loads, slick project. I'd suggest adding a required class or
warning to the inputs, I was hitting the publish button a few times wondering
why it didn't publish until I filled out the title as I thought the "name"
field was the title field.

~~~
Sandeepg33k
Thanks for the comment. Will add the warnings for sure. I just built this in
under an hour to test Workers KV. :)

------
craig
Can you drop a link to the source code?

Also I saw kv has a 10s possible eventual consistency for writes, did you bump
into this at all? (This is what's stopping me using it for crud apps)

------
jamesmcintyre
I have been looking into the viability of putting auth and basic user data in
Worker + KV. For auth I'm currently using firebase/google auth and I'm
wondering if there's a strategy to authenticate with firebase that wouldn't
require an auth request to firebase on every request but instead allow sessions
and possibly caching session info in KV. Have any thoughts?

~~~
steveklabnik
PM of KV here.

People have certainly done auth with Workers and KV before.
[https://liftcodeplay.com/2018/10/16/pushing-my-api-to-the-ed...](https://liftcodeplay.com/2018/10/16/pushing-my-api-to-the-edge-part-2-authentication-and-authorization/)
and
[https://gist.github.com/bcnzer/04620abc992da72f83f6f1c61d71c...](https://gist.github.com/bcnzer/04620abc992da72f83f6f1c61d71c93c)
are two examples I've seen using JWT. We added expirations to KV to handle
these sorts of use cases. I don't have a pre-built firebase example handy, but
I think this should work pretty well. You'd store the ID and refresh tokens in
KV, and then use those when talking to Firebase. Sounds about right. Feel free
to reach out if you give it a shot and run into issues:
sklabnik@cloudflare.com
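
One way to do the session caching asked about above, as an added example that is not from the thread or from Cloudflare: verified token claims are cached in a Workers KV-style namespace under a hash of the token, with `expirationTtl` capped at the token's remaining lifetime. `verifyIdToken` and `makeFakeKV` are hypothetical names, and the in-memory KV stand-in is constructed so the code runs offline.

```javascript
// Added example (not from the thread). `verifyIdToken` and `makeFakeKV` are
// hypothetical names; a real Worker would pass its KV namespace binding as `kv`.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // Node fallback

// The KV key is a hash of the bearer token, so listing keys never exposes a usable token.
async function sessionKey(idToken) {
  const digest = await webcrypto.subtle.digest("SHA-256", new TextEncoder().encode(idToken));
  return "sess:" + Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, "0")).join("");
}

// Returns { claims, source }. `now` is Unix seconds. `verifyIdToken` must do the
// full check against the identity provider (signature, issuer, audience, expiry)
// and throw on failure; it only runs on a cache miss.
async function authenticate(kv, idToken, verifyIdToken, now) {
  const key = await sessionKey(idToken);
  const cached = await kv.get(key);
  if (cached !== null) {
    const claims = JSON.parse(cached);
    // Re-check exp: KV expiry is a cleanup mechanism, not the authorization decision.
    if (claims.exp > now) return { claims, source: "kv" };
  }
  const claims = await verifyIdToken(idToken);
  const ttl = claims.exp - now;
  if (!(ttl > 0)) throw new Error("token expired");
  // Never cache past the token's own lifetime; KV does not accept TTLs under 60 s.
  if (ttl >= 60) await kv.put(key, JSON.stringify(claims), { expirationTtl: ttl });
  return { claims, source: "verifier" };
}

// Constructed in-memory stand-in for a KV namespace (get/put with expirationTtl only).
function makeFakeKV(clock) {
  const store = new Map();
  return {
    async get(k) {
      const e = store.get(k);
      return e && e.expiresAt > clock.now ? e.value : null;
    },
    async put(k, v, { expirationTtl }) {
      store.set(k, { value: v, expiresAt: clock.now + expirationTtl });
    },
    size: () => store.size,
  };
}
```

Because KV writes are eventually consistent (the delay raised elsewhere in this thread), deleting a cached entry does not revoke a session everywhere at once; a shorter TTL bounds that window.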

~~~
jamesmcintyre
Thanks @steveklabnik! That helps a lot! I'll reach out if I run into trouble!

------
JoshuaMulliken
This is pretty interesting. I am interested in learning more about serverless
so I will be excited when the source code becomes available

------
jcmontx
Is static site hosting a use case for CF workers or is this being hosted
somewhere else?

~~~
kentonv
[https://workers.cloudflare.com/sites/](https://workers.cloudflare.com/sites/)

------
k__
Do CF Workers need an API-Gateway, like AWS Lambda?

(I know Lambda can also be accessed via the SDK)

~~~
steveklabnik
They do not.

~~~
k__
Oh btw.

Is there a plan to change the 30 worker limit?

It seems to limit the system to small/medium projects only when you can only
have 30 workers and every worker can only have 1MB scripts.

I mean, they don't even offer to pay for more. They just talk about some
nebulous enterprise option on the "limits" page.

~~~
steveklabnik
I'm not in charge of that part of things, so I'm not sure, to be honest. We do
sometimes give folks more on a case-by-case basis.

------
meritt
You should consider sanitizing user input.

~~~
Sandeepg33k
Sure! I just built this quickly to demonstrate the capability of Workers KV.
Will take care of it. Thanks for the comment.

------
steveklabnik
Awesome!

~~~
Sandeepg33k
Thanks! :-)

------
jppope
Did you publish the source code?

~~~
Sandeepg33k
Not yet. I am planning to write a tutorial soon with code snippets.

~~~
thaunatos
Please do! Would love to read about how you did it :-)

