Cloudflare Workers
Quickback generates Hono-based API routes for Cloudflare Workers with D1 database, application-level security, and full batch operations.
The Cloudflare target generates a complete Hono-based API running on Cloudflare Workers with D1 as the database. This is the recommended target for production deployments.
Configuration
import { defineConfig, defineRuntime, defineDatabase, defineAuth } from "@quickback/compiler";
export default defineConfig({
name: "my-app",
template: "hono",
features: ["organizations"],
providers: {
runtime: defineRuntime("cloudflare"),
database: defineDatabase("cloudflare-d1"),
auth: defineAuth("better-auth"),
},
});Generated Output
src/
├── routes/ # Hono route handlers (one per resource)
├── middleware/ # Auth, firewall, access middleware
├── features/ # Feature-specific helpers (security, masking)
├── types/ # TypeScript interfaces
├── db/
│ └── schema.ts # Drizzle schema
└── index.ts # Hono app entry point
quickback/drizzle/
├── migrations/ # SQL migration files
└── meta/ # Drizzle metadataSecurity Model
All four security layers run at the application level:
- Firewall — Drizzle WHERE clauses for data isolation
- Access — Role checks in middleware
- Guards — Field filtering in request handlers
- Masking — Response transformation before sending
Since D1 is only accessible through your Worker (no external connection string), the application layer is the only entry point. See D1 Security Architecture for details.
Features
- Full CRUD with batch operations (create, update, delete, upsert)
- Custom actions with inline or handler-based execution
- Soft delete with cascading to child tables
- Pagination, filtering, sorting, field selection, and full-text search
- Views (column-level projections with per-view access control)
- OpenAPI specification generation at
/openapi.json
Deployment
# Local development
npm run dev
# Apply migrations to remote D1
npm run db:migrate:remote
# Deploy to Cloudflare Workers
npm run deployEnvironment & Bindings
Your wrangler.toml needs these bindings:
| Binding | Type | Required | Purpose |
|---|---|---|---|
DB | D1 | Yes | Feature database |
AUTH_DB | D1 | Yes | Better Auth database |
AUDIT_DB | D1 | No* | Unsafe cross-tenant action audit logs |
KV | KV | Yes | Session storage |
R2 | R2 | No | File storage (avatars, uploads) |
AI | Workers AI | No | Embeddings generation |
VECTORIZE | Vectorize | No | Vector search index |
BROADCASTER | Service | No | Realtime broadcasts |
* Required when you define cross-tenant unsafe actions.
See Also
- Cloudflare Template — Step-by-step setup guide with full wrangler.toml configuration
- D1 Database — D1 setup, multi-database pattern, and security architecture
- Neon Integration — Alternative: PostgreSQL with RLS
- Supabase Integration — Alternative: Supabase with RLS