deploy-protection
Deploy Cloudflare protections (Turnstile, WAF)
Deploy Cloudflare Protections
1. Turnstile (reCAPTCHA Replacement) - FREE
- Create Widget:
- Go to Cloudflare Dashboard > Turnstile.
- Site Name:
Legends of Hastinapur. - Domain:
legendsofhastinapur.com(andlocalhost). - Widget Mode: Managed.
- Copy Site Key and Secret Key.
- Frontend (
loh-website):- Add Turnstile component to forms (login, register, reserve).
- Pass token to backend via
X-Turnstile-Tokenheader or body.
- Backend Workers:
- Set secret:
wrangler secret put TURNSTILE_SECRET - Verify token with
https://challenges.cloudflare.com/turnstile/v0/siteverify - Already implemented in:
account-api,reservation-api,ticket-api
- Set secret:
2. Rate Limiting (Free Tier: 10 rules)
Go to Security > WAF > Rate Limiting Rules:
3. WAF Custom Rules (Free Tier: 5 rules)
Go to Security > WAF > Custom Rules:
4. Cache Optimization
- Shop API: Already has
Cache-Control: public, max-age=60, s-maxage=60 - Static Assets: Page Rule
legendsofhastinapur.com/assets/*-> Cache Everything, Edge TTL 1 day - Worker Optimization: Use KV for sessions, avoid D1 writes on read paths
5. Secrets Checklist
# account-api
wrangler secret put JWT_SECRET
wrangler secret put GOOGLE_CLIENT_ID
wrangler secret put GOOGLE_CLIENT_SECRET
wrangler secret put TURNSTILE_SECRET
# reservation-api
wrangler secret put TURNSTILE_SECRET_KEY
wrangler secret put ADMIN_API_KEY
# ticket-api
wrangler secret put TURNSTILE_SECRET
wrangler secret put GEMINI_API_KEY