Techcle Wiki

Cas 382 Consolidate Test Us

2 min read

CAS-382: Consolidate test-us into web app and API

Goal

Retire test-us as a standalone Cloudflare Workers app. Move the public-facing HTTP endpoints into the main Python API worker and the queue consumer into a dedicated packages/scan-worker TypeScript Worker. The React /try-me page already exists; wire it to the main API.

Schema Note

test-us and api share the same D1 database but both define a scans table with conflicting schemas. Resolution: add new tables with an anon_ prefix via a fresh API migration. Rename references in the consumer accordingly.

Changes

1. api/ — Python Worker (new anonymous scan endpoints)

New migration (api/migrations/NNNN_anon_scans.sql):

  • anon_scans — anonymous scan records (ip_hash, turnstile_verified, ttl)
  • anon_scan_findings — CVE findings per anon scan
  • anon_dockerfile_issues — Dockerfile lint issues per anon scan
  • anon_rate_limits — sliding-window rate limit (3/day per IP hash)

New route file (api/src/routes/anon_scans.py):

  • POST /api/v1/scans/anonymous — Turnstile verify → rate limit → enqueue
  • GET /api/v1/scans/:scan_id/results — poll results, enforce 1-h TTL

New binding additions to api/wrangler.toml:

  • SCAN_QUEUE — queue producer (per env: dev / staging / production)
  • ANON_ARTIFACTS — R2 bucket for anonymous scan result JSON (separate from CI SCAN_ARTIFACTS)
  • TURNSTILE_SECRET_KEY — secret note added to vars comment

index.py updates:

  • Import and register handle_post_anon_scan, handle_get_anon_scan_results
  • Add to _EXACT_ROUTES and _PARAM_ROUTES

2. packages/scan-worker/ — TS Queue Consumer (renamed from test-us)

Keep only:

  • src/queue/consumer.ts — queue handler (update table names → anon_*)
  • src/scanner/engine.ts — scan engine
  • src/parsers/ — lockfile parsers
  • src/db/ — DB helpers (if any)
  • src/types.ts — type definitions
  • wrangler.toml — strip [assets], remove HTTP route bindings, keep D1 + R2 + queue consumer
  • package.json — rename to cascadeguard-scan-worker

Remove:

  • src/routes/
  • src/middleware/
  • src/index.ts fetch handler (replace with consumer-only export)
  • frontend/

Registered automatically via root "workspaces": ["packages/*"].

3. packages/web/ — React Frontend

  • src/pages/try-me/index.tsx: replace TEST_US_API constant with VITE_API_BASE_URL (already defined). Endpoints move from cascadeguard-test-us.workers.dev/api/v1/...<API_BASE>/api/v1/....
  • src/App.tsx: add /try route as alias for TryMePage (keep /try-me for backward compat).

4. deploy.yaml — CI/CD

  • Add packages/scan-worker/** to push.paths and pull_request.paths.
  • Add deploy-scan-worker job (wrangler deploy, mirrors deploy-api pattern).

5. Cleanup

  • Delete test-us/ directory entirely.
  • Update any README references.

Definition of Done

  • /try page in packages/web hits main API endpoints
  • POST /api/v1/scans/anonymous and GET /api/v1/scans/:scan_id/results live in Python API
  • packages/scan-worker processes queue jobs (uses anon_* tables)
  • test-us/ removed
  • CI deploy includes scan-worker
  • All CI checks pass

Graph View