feat: add support for skew protection

[vicb]

There are 2 main files in this PR:

packages/cloudflare/src/cli/commands/skew-protection.ts (build time)

This builds a mapping from deploymentId to the worker version at build time.
Note that because the worker you are building has no version yet, "current" is used instead.

packages/cloudflare/src/cli/templates/skew-protection.ts (runtime)

At runtime, if a particular version is requested and it is present in the mapping,
we'll fetch the result from a preview URL with a hostname of <version>-<worker_name>.<domain>.workers.dev

How to use it:

• set cloudflare.skewProtection.enabled to true in your OpenNext config
• provide values for the new env vars added to packages/cloudflare/src/api/cloudflare-context.ts
• update your next config to set the deployementId - you can use the getDeploymentId() helper
• set run_worker_first to true

Docs PR opennextjs/docs#164

TODO:

• add tests
• handle assets (will need to run the worker before the asset worker)
• follow-up: move the skew protection logic in the aws/routing layer with pluggable overrides -> see feat: add support for serving assets from the routing layer #768

[changeset-bot]

🦋 Changeset detected

Latest commit: 17064f4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@opennextjs/cloudflare	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@opennextjs/cloudflare@746

commit: 17064f4

[conico974]

I just took a really quick look for now, will make a proper review later

[james-elicx]

I think this is looking pretty good on my initial read though. Going to have another look later on as well.

[james-elicx]

I think this looks good and the logic makes sense to me.

It might be nice for us to look at having an e2e that runs against a deployment at some point in the future, for testing features like this.

[sommeeeer]

LGTM

[vicb]

Thanks for the review @sommeeeer !

[conico974]

Just a few nits/question, other than that LGTM

[conico974]

I think we should have only one instance of this, that we spawn at the beginning and that we dispose at the end. It's a bit wasteful to launch multiple workerd process.
And once we have support for remote bindings here, we could reuse it to populate the cache directly (which should be way faster)

[conico974]

Does this one respect the _headers file ?

[vicb]

It should but I'll test that

[vicb]

Actually it doesn't, see https://developers.cloudflare.com/workers/static-assets/headers/#custom-headers

[vicb]

Follow up:

• Check what Next does add by default and apply that in the asset resolver
• Document how to override (using middleware or Next config)

[vicb]

I have rebase the PR on top of #768 as the asset resolver will be used to resolve the assets from previous versions (when run_worker_first=false the worker does not get a chance to override the assets as they are served even before the worker is executed).

Docs plan (today/tomorrow)

• write some new doc for the asset resolver
• update the existing doc for the skew protection to sync with this PR

@dario-piotrowicz @james-elicx @conico974 please take a look at the PR when you get a chance.

Thanks!

[conico974]

Just a few nits/question, but other than that LGTM.
BTW do we want to allow users to override the assets resolver ?

[conico974]

Why this change ?

[vicb]

I used this API for debugging (the env contains the build id, deployment id, and deployment mapping) and the response was easier to read when formatted this way.

[conico974]

Can the client return this in the wrong order ? This is not tested here

[vicb]

In my experience, the client always returns an ordered lists.

BUT I agree we should not rely on the result of a few experiments.

That's why I pay special attention to not order the input (~2 is before ~1) and you can see that the output of listWorkerVersions is ordered (~2 after ~1)

[vicb]

BTW do we want to allow users to override the assets resolver ?

Yes we should but I agree that our current defineCloudflareConfig is not flexible enough:

export default {
	...defineCloudflareConfig({
		incrementalCache: r2IncrementalCache,
	}),
	cloudflare: {
		skewProtection: {
			enabled: false,
		},
	},
} satisfies OpenNextConfig;

As of today users can override the assets resolver but the syntax is not great.

I'll try to work on a better way to do that.