This repo is a Cloudflare Worker that serves the Ace Archive API using data from the Cloudflare D1 SQLite database.
See the website for more information.
Pagination cursors are encrypted, for a few reasons:
- We can trivially detect an invalid cursor argument without any complex logic or querying the upstream data source.
- The contents of the cursor are opaque to the user, which prevents them from trying to interpret or parse it.
- The cursor we return is always different for every request. This prevents the user from relying on the contents of the cursor being deterministic.
The encryption key is stored in a worker secret called CURSOR_ENCRYPTION_KEY.
You can generate a key in the browser JS console like this:
const key = await crypto.subtle.generateKey({ name: "AES-GCM", length: 128 }, true, ["encrypt", "decrypt"])
const jwk = JSON.stringify(await crypto.subtle.exportKey("jwk", key));
console.log(jwk);