The Castle Cloudflare Worker allows you to put Castle's risk engine right on the edge, in a Cloudflare worker.
Once you've installed the worker and configured the CASTLE_API_SECRET
, the worker will listen for POSTs to the /users/sign_up
route.
The POST must include a Castle request_token
, and optionally an email
field that is used map events to existing users.
When the worker receives the POST, it will in turn make a POST to Castle, and receive a risk score in return. If result has deny
action, then the worker will respond with a defined response. Otherwise worker with simply forward the request to the upstream.
You'll need a Castle account and a Cloudflare account to get started.
Additionally you need to install the Castle.js script, which will be used to generate a unique "request token" for each request to your server. Without this request token, requests to Castle's API will be rejected.
If you don't have a Castle account already, you can set up a free trial. You will need your Castle API Secret, which can be found in the Settings section of your Castle dashboard.
If you're going to use the Deploy with Workers
option (see below), you'll need your Cloudflare account ID and an API Token.
There are two options for installing this worker, a "manual" method and a Deploy with Workers
method.
-
Create or open the Cloudflare worker where you would like to install the Castle worker code.
-
Add Environment Variable to your worker:
CASTLE_API_SECRET
โ assign your Castle API Key to this variable.
You can retrieve your
CASTLE_API_SECRET
from the settings section of your Castle dashboard. -
Copy and paste the contents of the
index.js
file in this repo to your Worker. -
Customize for your needs
-
Preview/Save and deploy!
Press the Deploy with Workers
button. You will be redirected to a dedicated deployment page.
-
Authorize GitHub with Workers
Authorization allows to fork the project from Github and deploy it after finishing the setup.
-
Configure Cloudflare Account
Add Cloudflare Account ID (
CF_ACCOUNT_ID
) and Cloudflare API Token with "Edit Workers" permissions (CF_API_TOKEN
). They will be auto-uploaded as Github actions secrets.After this step,
castle-cloudflare-worker-sample
repository should be forked to your organization. -
Deploy with GitHub Actions
Navigate to
Settings > Secrets
tab of the forked repository.Update
Repository Secrets
โ add Castle API secret available in Castle Dashboard asCASTLE_API_SECRET
to Github actions secrets.Now you can finalize the deployment by pressing the
Deploy
button.