A Cloudflare Worker for transferring files from URL to R2 storage with streaming support and Ed25519 signature verification.
- Stream upload (no memory buffering)
- Auto content-type detection
- Ed25519 signature verification (secure, no secrets transmitted)
- Timestamp-based replay protection (5 minute window)
wrangler r2 bucket create your-bucket-namename = "storage-transfer"
main = "src/index.ts"
compatibility_date = "2024-01-01"
[[r2_buckets]]
binding = "BUCKET"
bucket_name = "your-bucket-name"| Variable | Default | Description |
|---|---|---|
PLATFORM_PUBLIC_KEY |
0uvFzFZYIqivaU6y4qvuHSb+Axj+Mj5aCP/49dekSIM= |
API Grip 公钥,一般无需修改 |
PUBLIC_URL |
https://oss.apigrip.com |
替换为你自己的公开访问域名 |
pnpm install
pnpm run deploy- API Grip server signs request body (including timestamp) with Ed25519 private key
- Worker receives request with
X-Signatureheader - Worker verifies signature using platform public key
- If valid and timestamp within 5 minutes, processes the transfer
curl -X POST https://your-worker.workers.dev \
-H "X-Signature: BASE64_SIGNATURE" \
-H "Content-Type: application/json" \
-d '{
"sourceUrl": "https://example.com/video.mp4",
"timestamp": 1234567890123
}'Success:
{
"success": true,
"url": "https://cdn.example.com/path/to/file.mp4",
"size": 1234567,
"contentType": "video/mp4"
}Error:
{
"success": false,
"error": "Error message"
}| Status | Error |
|---|---|
| 400 | Invalid JSON / Missing fields |
| 401 | Invalid signature / Expired request |
| 405 | Method not allowed |
| 500 | Internal server error |
| 502 | Source fetch failed |
MIT