Module workers/sgtm-router/worker

Cloudflare Worker that fronts SGTM container origins and related platform endpoints by resolving an incoming host to an upstream base URL, proxying requests, and emitting access logs to Supabase for analytics/observability.

Role in the platform

  • Acts as the public edge router for customer domains.
  • Resolves {hostname} to an upstream SGTM origin (and optionally a preview UI origin) via KV.
  • Supports an obfuscated proxy path (/k/...) where the true upstream target is encoded in a query param.
  • Emits structured access logs to a Supabase logging function when configured.
  • Exposes a router-domain endpoint (/mark-session-detection) that proxies to a Supabase Edge Function.

Request flow

  • Handle CORS preflight requests early (OPTIONS -> 204).
  • Route /mark-session-detection (POST) to a Supabase Edge Function via handleMarkSessionDetection.
  • Route /put (POST) to write onboarding routing config into KV (env.ROUTING_MAP).
  • Lookup routing config by request hostname (env.ROUTING_MAP.get(hostname)).
  • Determine whether the request targets SGTM preview UI paths vs the primary origin.
  • Decode /k/... proxy requests (when not preview UI) to rewrite the upstream target.
  • Proxy the request upstream and mirror the response status/body/headers downstream.
  • Emit a fire-and-forget access log (ctx.waitUntil(logAccess(...))).

Security & trust boundaries

  • Depends on Supabase service credentials for server-to-server calls:
    • SUPABASE_SERVICE_ROLE_KEY or SUPABASE_SERVICE_KEY
  • Depends on Supabase base URL for Edge Function proxying:
    • SUPABASE_URL
  • Depends on logging function URL (if logging is enabled):
    • LOG_FN_URL
  • Routing config is resolved from KV:
    • ROUTING_MAP

CORS & browser behavior

  • Preflight requests (OPTIONS) return 204 with CORS headers from makeCorsHeaders.
  • CORS headers reflect the request Origin and allow credentials.
  • Access-Control-Allow-Headers mirrors Access-Control-Request-Headers when present.

Error handling

  • Returns explicit 4xx/5xx responses for missing KV entry, invalid routing config, and bad KV writes.
  • Logging failures are caught and logged to console.error without failing the proxied request.

Observability

  • Adds x-qaxal-router-target to upstream request headers and downstream response headers.
  • Creates a structured log payload including request/response metadata and correlation IDs.
  • Uses ctx.waitUntil(...) for non-blocking logging.

Notes

  • This Worker performs transparent proxying; request bodies are forwarded for non-GET/HEAD methods.
  • /k/... decoding is best-effort and falls back to original path/search when decoding fails.

Index

Variables

default

Settings

Member Visibility

Theme

On This Page

Role in the platformRequest flowSecurity & trust boundariesCORS & browser behaviorError handlingObservabilityNotes