System summary
- Cloudflare Pages site with static HTML/CSS/JS in
public/ and API logic in functions/.
- Programs calendar uses email verification to mint tokens for a private ICS URL.
- Internal calendar proxies to n8n and is intended to be protected by Cloudflare Access.
- Middleware redirects unknown paths to
/subscribe and validates calendar_id query params.
Request routing
_middleware.ts allows /subscribe*, /admin*, /api/*, /cal/*, /reference*, and static assets.- Root
/ always redirects to /subscribe.
- If
calendar_id is present and not programs or internal, the middleware strips it and redirects.
Programs calendar flow (server)
POST /api/subs/new?calendar_id=programs validates input and Turnstile (if configured).- Creates a
verify_requests record with a 30-minute TTL.
- Sends a Resend email containing the magic link.
GET /api/subs/verify?calendar_id=programs&v=... consumes the request and mints a token.GET /cal/programs.ics?token=...&calendar_id=programs validates token and returns programs.ics from R2.
Programs token flow (Mermaid)
sequenceDiagram
participant User as Resident
participant UI as Subscribe Page
participant API as Pages Functions
participant D1 as D1 (SUBS_DB)
participant Resend as Resend
participant R2 as R2 (CAL_BUCKET)
User->>UI: Submit name + email
UI->>API: POST /api/subs/new?calendar_id=programs
API->>D1: Insert verify_requests (30m TTL)
API->>Resend: Send magic link email
Resend-->>User: Email with v=code
User->>UI: Open magic link
UI->>API: GET /api/subs/verify?v=...
API->>D1: Consume verify request
API->>D1: Upsert subscriber
API->>D1: Revoke prior tokens
API->>D1: Mint new token (hash)
API-->>UI: Token + calendar links
User->>API: GET /cal/programs.ics?token=...
API->>D1: Validate token + subscriber + calendar
API->>R2: Fetch programs.ics
API-->>User: ICS response
Internal calendar flow (server)
/api/subs/new?calendar_id=internal forwards to n8n webhook /webhook/subs/new./cal/internal.ics proxies to n8n webhook /webhook/rc-cal and maps 401/403 to 404.
Client-side behavior
public/subscribe-programs.js manages Turnstile, magic link verification, and add-to-calendar buttons.- After verification, the URL is rewritten to include
token and calendar_id for bookmarking.