Version: v1.5.0 (per‑file ACL + web editor + admin list)

This guide documents a secure workflow to store multiple JSON files in Cloudflare R2 and access them via a Cloudflare Worker using token-based permissions.

1) System Overview

You have three parts:

1. R2 bucket named jsons that stores objects like x.json.

2. Worker that:

• authenticates requests using a token
• enforces per‑file access rules (RO/RW/Admin)
• returns JSON as application/json

3. Custom domain route to the Worker (not documented here by name).

2) Placeholders Used in This Manual

• <BASE_URL>: the public base URL for your Worker route
• <TOKEN_ADMIN>: the Admin secret value
• <TOKEN_<NAME>_RO>: a read‑only token for one JSON file
• <TOKEN_<NAME>_RW>: a read+write token for one JSON file

3) Permission Model (RO / RW / Admin)

The Worker supports three identity types:

3.1 Admin

• Secret name: TOKEN_ADMIN
• Rights: read/write any key, open admin panel, edit any file.

3.2 Read‑Only token (RO)

• Secret name pattern: TOKEN_<NAME>_RO
• Rights: read exactly one key only
• Not allowed: open editor, save changes.

3.3 Read+Write token (RW)

• Secret name pattern: TOKEN_<NAME>_RW
• Rights: read and edit exactly one key only
• Allowed: open web editor and save JSON.

Important: Tokens are not interchangeable unless you intentionally assign the same value.

4) One‑Time Setup (Cloudflare UI)

4.1 Create the R2 bucket

1. Cloudflare Dashboard → R2
2. Create bucket
3. Bucket name: y
4. Create

4.2 Create / deploy the Worker

1. Cloudflare Dashboard → Workers & Pages
2. Create Worker
3. Paste the full Worker code (v1.5.0)
4. Deploy

4.3 Bind the bucket to the Worker

1. Worker → Settings → Bindings
2. Add binding:
   • Type: R2 bucket
   • Variable name: CONFIG
   • Bucket: jsons
3. Save

4.4 Configure secrets (tokens)

1. Worker → Settings → Variables and Secrets
2. Add Secrets:
   • A
   • X_RO, X_RW
   • ,

Secrets are available immediately after saving; no extra build step is required.

5) Upload / Add JSON Files to the Bucket

5.1 File names must match your ACL list

You should upload JSON files with these exact names (case‑sensitive):

• x.json
• y.json

5.2 Upload in Cloudflare UI

1. Cloudflare Dashboard → R2 → bucket jsons
2. Upload
3. Select a local JSON file
4. Rename it to the correct key if needed
5. Save

6) How to Read JSON (API)

Use:

<BASE_URL>/<KEY>?token=<TOKEN>

Examples (placeholders):

• Read x.json with Admin token:

  text Copy

  <BASE_URL>/x.json?token=<TOKEN_ADMIN>

• Read x.json with RO token:

  text Copy

  <BASE_URL>/x.json?token=<TOKEN_x_RO>

7) Online Editing (Web UI)

Editing is only allowed for RW tokens of the same file, or Admin.

7.1 Open the editor

<BASE_URL>/_edit?key=<KEY>&token=<TOKEN>

Example:

<BASE_URL>/_edit?key=x.json&token=<TOKEN_x_RW>

7.2 Save rules

• The editor validates that your content is strict JSON before saving.
• Save calls POST /_save internally.

8) Admin Panel: List All Keys + One‑Click View/Edit

The Admin panel is Admin‑only.

8.1 Open the panel

<BASE_URL>/_list?token=<TOKEN_ADMIN>

8.2 What it shows

• Configured OK: keys that are listed in the Worker FILES array and exist in the bucket.
• Configured missing: keys in FILES but not currently uploaded into the bucket.
• Extra in bucket: keys that exist in R2 but are not in FILES (Admin can still access them, but non‑Admin cannot).

Each row includes:

• View: open raw JSON
• Edit: open the editor for that key

9) Rotate / Replace a Token

If a token is leaked or you want to rotate it:

1. Worker → Settings → Variables and Secrets
2. Find the target secret (example: TOKEN_x_RW)
3. Use Rotate or manually replace the value
4. Save

✅ The new value takes effect immediately.

After rotation, any old links containing the old token will stop working.

10) Add a New JSON File Later (Safe Checklist)

When you want to add a new file (example: f.json):

10.1 Add new secrets

Add two secrets:

• f_RO
• f_RW

10.2 Update the Worker code

In the FILES array, append:

{ key: "f6.json", secretNameRO: "TOKEN_f6_RO", secretNameRW: "TOKEN_f6_RW" },

10.3 Upload the new JSON

Upload f6.json into the R2 bucket jsons.