feat: add daily request limit and refactor access control (#759)

- Add daily request limit per IP in blacklist settings (1-1,000,000/day)
- Refactor access control logic: merge blacklist and rate limit checks
- Remove RATE_LIMIT_API_DAILY_REQUESTS env var, use database config instead
- Move x-custom-auth check earlier in middleware chain
- Add comprehensive English documentation (31 new guide pages)
- Improve code structure and error handling

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Dream Hunter
2025-11-08 12:46:30 +08:00
committed by GitHub
parent eaeac8ebec
commit b337a44e62
44 changed files with 1983 additions and 154 deletions

View File

@@ -0,0 +1,30 @@
# Initialize/Update D1 Database
When executing the wrangler login command for the first time, you will be prompted to log in. Follow the prompts to complete the login process.
## Initialize Database
```bash
cd worker
cp wrangler.toml.template wrangler.toml
# Create D1 and execute schema.sql
wrangler d1 create dev
wrangler d1 execute dev --file=../db/schema.sql --remote
```
After creation, you can see the D1 database in the Cloudflare console.
![D1](/readme_assets/d1.png)
## Update Database Schema
For `schema` updates, please confirm your previously deployed version.
Check the [Changelog](https://github.com/dreamhunter2333/cloudflare_temp_email/blob/main/CHANGELOG.md)
Find the `patch` file you need to execute and run it, for example:
```bash
cd worker
wrangler d1 execute dev --file=../db/2024-01-13-patch.sql --remote
wrangler d1 execute dev --file=../db/2024-04-03-patch.sql --remote
```

View File

@@ -0,0 +1,51 @@
# Cloudflare Pages Frontend
> [!warning] Notice
> Choose one of the following methods
## Deploy Worker with Frontend Assets
Refer to [Deploy Worker](/en/guide/cli/worker#deploy-worker-with-frontend-optional)
## Separate Frontend and Backend Deployment
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
```bash
cd frontend
pnpm install
cp .env.example .env.prod
```
Modify the `.env.prod` file.
Change `VITE_API_BASE` to the `worker` `url` created in the previous step. Do not add `/` at the end.
For example: `VITE_API_BASE=https://xxx.xxx.workers.dev`
```bash
pnpm build --emptyOutDir
# The first deployment will prompt you to create a project, for production branch enter production
pnpm run deploy
```
After deployment, you can see your project in the Cloudflare console. You can configure a custom domain for `pages`.
![pages](/readme_assets/pages.png)
## Forward Backend Requests Through Page Functions
Forwarding requests from page functions to the worker backend can achieve faster response times.
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
If your worker backend name is not `cloudflare_temp_email`, please modify `pages/wrangler.toml`.
```bash
cd frontend
pnpm install
# If you want to enable Cloudflare Zero Trust, you need to use pnpm build:pages:nopwa to disable caching
pnpm build:pages
cd ../pages
pnpm run deploy
```

View File

@@ -0,0 +1,17 @@
# Prerequisites
## Installing wrangler
Install wrangler
```bash
npm install wrangler -g
```
## Clone the Project
```bash
git clone https://github.com/dreamhunter2333/cloudflare_temp_email.git
# Switch to the latest tag or the branch you want to deploy, you can also use the main branch directly
# git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
```

View File

@@ -0,0 +1,147 @@
# Cloudflare Worker Backend
> [!warning] Notice
> The `worker.dev` domain is not accessible in China, please use a custom domain
## Initialize Project
```bash
cd worker
pnpm install
cp wrangler.toml.template wrangler.toml
```
## Create KV Cache
> [!NOTE]
> If you want to enable user registration and need to send email verification, you need to create a `KV` cache. You can skip this step if not needed.
> If you need Telegram Bot, you need to create a `KV` cache. You can skip this step if not needed.
Create KV cache through command line, or create it in the Cloudflare console, then copy the corresponding configuration to the `wrangler.toml` file.
```bash
wrangler kv:namespace create DEV
```
## Modify `wrangler.toml` Configuration File
> [!NOTE] Note
> For more variable configurations, please check [Worker Variables Documentation](/en/guide/worker-vars)
```toml
name = "cloudflare_temp_email"
main = "src/worker.ts"
compatibility_date = "2024-09-23"
compatibility_flags = [ "nodejs_compat" ]
# If you want to use a custom domain, you need to add routes configuration
# routes = [
# { pattern = "temp-email-api.xxxxx.xyz", custom_domain = true },
# ]
# If you want to deploy a worker with frontend assets, you need to add assets configuration
# [assets]
# directory = "../frontend/dist/"
# binding = "ASSETS"
# run_worker_first = true
# If you want to use scheduled tasks to clean up emails, uncomment the following and modify the cron expression
# [triggers]
# crons = [ "0 0 * * *" ]
# Send emails through Cloudflare
# send_email = [
# { name = "SEND_MAIL" },
# ]
[vars]
# Email name prefix, can be configured as an empty string or not configured if no prefix is needed
PREFIX = "tmp"
# All domains used for temporary email, supports multiple domains
DOMAINS = ["xxx.xxx1" , "xxx.xxx2"]
# Secret key for generating JWT, JWT is used for user login and authentication
JWT_SECRET = "xxx"
# Admin console password, if not configured, console access is not allowed
# ADMIN_PASSWORDS = ["123", "456"]
# Whether to allow users to create emails, not allowed if not configured
ENABLE_USER_CREATE_EMAIL = true
# Allow users to delete emails, not allowed if not configured
ENABLE_USER_DELETE_EMAIL = true
# D1 database name and ID can be viewed in the Cloudflare console
[[d1_databases]]
binding = "DB"
database_name = "xxx" # D1 database name
database_id = "xxx" # D1 database ID
# KV config for user registration email verification, can be skipped if user registration is not enabled or registration verification is not enabled
# [[kv_namespaces]]
# binding = "KV"
# id = "xxxx"
# Rate limit configuration for new address /api/new_address
# [[unsafe.bindings]]
# name = "RATE_LIMITER"
# type = "ratelimit"
# namespace_id = "1001"
# # 10 requests per minute
# simple = { limit = 10, period = 60 }
# Bind other workers to process emails, for example, using auth-inbox AI capabilities to parse verification codes or activation links
# [[services]]
# binding = "AUTH_INBOX"
# service = "auth-inbox"
```
## Deploy Worker with Frontend (Optional)
> [!NOTE]
> If you don't need a [worker with frontend], you can skip this step.
> Refer to the frontend deployment documentation later for separate frontend and backend deployment.
Ensure the frontend assets are built to the `frontend/dist` directory.
```bash
cd frontend
pnpm install --no-frozen-lockfile
pnpm build:pages
```
Add the following configuration to the `wrangler.toml` file in the `worker` directory.
```toml
[assets]
directory = "../frontend/dist/"
binding = "ASSETS"
run_worker_first = true
```
## Telegram Bot Configuration
> [!NOTE]
> If you don't need Telegram Bot, you can skip this step.
Please create a Telegram Bot first, then get the `token`, and execute the following command to add the `token` to secrets.
```bash
pnpm wrangler secret put TELEGRAM_BOT_TOKEN
```
## Deploy
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
```bash
pnpm run deploy
```
After successful deployment, you can see the `worker` `url` in the routes, and the console will also output the `worker` `url`.
![worker](/readme_assets/worker.png)
> [!NOTE]
> Open the `worker` `url`, if it displays `OK`, the deployment is successful.
>
> Open `/health_check`, if it displays `OK`, the deployment is successful.