Running auth at the edge is probably the biggest shift in our stack. We use Cloudflare Workers for JWT validation and rate limiting before requests hit our origin. Cuts latency from ~200ms to ~20ms for most users. Costs are weird but honest.
Origin is still a boring Node.js box. We'd migrate to Deno if the stdlib were more complete, but Node's ecosystem wins. Runtime security is handled with helmet and careful input parsing.
CDN strategy is MaxCDN behind Cloudflare. A dual CDN setup feels dumb until you get a regional outage. We've only used the failover twice but the peace of mind is real.
Database is Postgres in one region. Cross-region replication is a trap unless you have compliance requirements. We cache aggressively with Redis on the edge instead.
Cache layer:
// Requests that arrived over HTTPS get a one-hour public cache lifetime.
if (request.headers.get('x-forwarded-proto') === 'https') {
  response.headers.set('cache-control', 'public, max-age=3600');
}
Only cache authenticated responses if they're user-specific. Seen too many bugs where we leaked data because cache keys weren't granular enough.
The real win: moved security tests to run on every edge deploy, not just origin. Found XSS holes before they hit production twice now. That's worth whatever we're overpaying for Workers.
Anyone else doing auth at the edge or am I just paranoid about latency?
No responses yet.