MCP HubMCP Hub
Back to Skills

cloudflare-full-stack-integration

jezweb
Updated Today
26 views
33
4
33
View on GitHub
Testingwordreactaitestingapidata

About

This skill provides production-tested patterns for connecting React frontends to Cloudflare Worker backends using Hono, Clerk authentication, and D1 databases. Use it when implementing auth flows, setting up API calls, or troubleshooting common issues like CORS errors, 401 unauthorized responses, and race conditions. It helps prevent frontend-backend connection problems and ensures proper JWT verification and token handling.

Quick Install

Claude Code

Recommended
Plugin CommandRecommended
/plugin add https://github.com/jezweb/claude-skills
Git CloneAlternative
git clone https://github.com/jezweb/claude-skills.git ~/.claude/skills/cloudflare-full-stack-integration

Copy and paste this command in Claude Code to install this skill

Documentation

Cloudflare Full-Stack Integration Patterns

Production-tested patterns for React + Cloudflare Workers + Hono + Clerk authentication.

When to Use This Skill

Use this skill when you need to:

  • Connect a React frontend to a Cloudflare Worker backend
  • Implement authentication with Clerk in a full-stack app
  • Set up API calls that automatically include auth tokens
  • Fix CORS errors between frontend and backend
  • Prevent race conditions with auth loading
  • Configure environment variables correctly
  • Set up D1 database access from API routes
  • Create protected routes that require authentication

What This Skill Provides

Templates

Frontend (templates/frontend/):

  • lib/api-client.ts - Fetch wrapper with automatic token attachment
  • components/ProtectedRoute.tsx - Auth gate pattern with loading states

Backend (templates/backend/):

  • middleware/cors.ts - CORS configuration for dev and production
  • middleware/auth.ts - JWT verification with Clerk
  • routes/api.ts - Example API routes with all patterns integrated

Config (templates/config/):

  • wrangler.jsonc - Complete Workers configuration with bindings
  • .dev.vars.example - Environment variables setup
  • vite.config.ts - Cloudflare Vite plugin configuration

References (references/):

  • common-race-conditions.md - Complete guide to auth loading issues

Critical Architectural Insights

1. @cloudflare/vite-plugin Runs on SAME Port

Key Insight: The Worker and frontend run on the SAME port during development.

// ✅ CORRECT: Use relative URLs
fetch('/api/data')

// ❌ WRONG: Don't use absolute URLs or proxy
fetch('http://localhost:8787/api/data')

Why: The Vite plugin runs your Worker using workerd directly in the dev server. No proxy needed!

2. CORS Must Be Applied BEFORE Routes

// ✅ CORRECT ORDER
app.use('/api/*', cors())
app.post('/api/data', handler)

// ❌ WRONG ORDER - Will cause CORS errors
app.post('/api/data', handler)
app.use('/api/*', cors())

3. Auth Loading is NOT a Race Condition

Most "race conditions" are actually missing isLoaded checks:

// ❌ WRONG: Calls API before token ready
useEffect(() => {
  fetch('/api/data') // 401 error!
}, [])

// ✅ CORRECT: Wait for auth to load
const { isLoaded, isSignedIn } = useSession()
useEffect(() => {
  if (!isLoaded || !isSignedIn) return
  fetch('/api/data') // Now token is ready
}, [isLoaded, isSignedIn])

4. Environment Variables Have Different Rules

Frontend (Vite):

  • MUST start with VITE_ prefix
  • Defined in .env file
  • Access: import.meta.env.VITE_VARIABLE_NAME

Backend (Workers):

  • NO prefix required
  • Defined in .dev.vars file (dev) or wrangler secrets (prod)
  • Access: env.VARIABLE_NAME

5. D1 Bindings Are Always Available

D1 is accessed via bindings - no connection management needed:

// ✅ CORRECT: Direct access via binding
const { results } = await env.DB.prepare('SELECT * FROM users').run()

// ❌ WRONG: No need to "connect" first
const connection = await env.DB.connect() // This doesn't exist!

Step-by-Step Integration Guide

Step 1: Project Setup

# Create project with Cloudflare Workers + React
npm create cloudflare@latest my-app
cd my-app

# Install dependencies
npm install hono @clerk/clerk-react @clerk/backend
npm install -D @cloudflare/vite-plugin @tailwindcss/vite

Step 2: Configure Vite

Copy templates/config/vite.config.ts to your project root.

Key points:

  • Includes cloudflare() plugin
  • No proxy configuration needed
  • Sets up path aliases for clean imports

Step 3: Configure Wrangler

Copy templates/config/wrangler.jsonc to your project root.

Update:

  • Replace name with your app name
  • Add D1/KV/R2 bindings as needed
  • Set run_worker_first: ["/api/*"] for API routes

Step 4: Set Up Environment Variables

Create .dev.vars (gitignored):

CLERK_PUBLISHABLE_KEY=pk_test_xxxxx
CLERK_SECRET_KEY=sk_test_xxxxx

Create .env for frontend:

VITE_CLERK_PUBLISHABLE_KEY=pk_test_xxxxx

Step 5: Add CORS Middleware

Copy templates/backend/middleware/cors.ts to your backend.

Apply in your main worker file:

import { corsMiddleware } from './middleware/cors'

app.use('/api/*', (c, next) => corsMiddleware(c.env)(c, next))

CRITICAL: Apply this BEFORE defining routes!

Step 6: Add Auth Middleware

Copy templates/backend/middleware/auth.ts to your backend.

Apply to protected routes:

import { jwtAuthMiddleware } from './middleware/auth'

app.use('/api/protected/*', jwtAuthMiddleware(c.env.CLERK_SECRET_KEY))

Step 7: Set Up API Client

Copy templates/frontend/lib/api-client.ts to your frontend.

Use in your App component:

import { useApiClient } from '@/lib/api-client'

function App() {
  useApiClient() // Set up token access
  return <YourApp />
}

Step 8: Create Protected Routes

Copy templates/frontend/components/ProtectedRoute.tsx.

Use to wrap authenticated pages:

<ProtectedRoute>
  <Dashboard />
</ProtectedRoute>

Step 9: Create API Routes

Copy templates/backend/routes/api.ts as a reference.

Pattern for all routes:

  1. Apply CORS first
  2. Apply auth middleware to protected routes
  3. Extract user ID from JWT payload
  4. Access D1/KV/R2 via env bindings
  5. Return typed JSON responses

Step 10: Test Integration

# Start dev server
npm run dev

# Both frontend and backend run on http://localhost:5173
# API routes: http://localhost:5173/api/*
# Frontend: http://localhost:5173/*

Common Issues and Solutions

Issue: 401 Unauthorized Errors

Symptom: API calls fail with 401 even though user is signed in

Cause: API called before Clerk session is loaded

Fix: Check isLoaded and isSignedIn before API calls

const { isLoaded, isSignedIn } = useSession()
if (!isLoaded || !isSignedIn) return // Wait for auth

See: references/common-race-conditions.md

Issue: CORS Errors

Symptom: "No 'Access-Control-Allow-Origin' header" errors

Causes:

  1. CORS middleware not applied
  2. CORS middleware applied after routes (wrong order)
  3. Origin not allowed in production

Fix:

// Apply BEFORE routes
app.use('/api/*', cors())
app.post('/api/data', handler)

For production, update corsProdMiddleware with your domain.

Issue: Environment Variables Not Working

Symptom: Variables are undefined in frontend or backend

Frontend Fix:

  • Variables MUST start with VITE_
  • Must be in .env file (not .dev.vars)
  • Access: import.meta.env.VITE_NAME

Backend Fix:

  • Variables in .dev.vars for local dev
  • Use wrangler secret put NAME for production
  • Access: env.NAME

Issue: D1 Queries Fail

Symptom: Database queries throw errors

Causes:

  1. Binding not configured in wrangler.jsonc
  2. SQL syntax errors
  3. Not using parameterized queries

Fix:

// ✅ CORRECT: Parameterized query
await env.DB.prepare('SELECT * FROM users WHERE id = ?')
  .bind(userId)
  .run()

// ❌ WRONG: SQL injection risk
await env.DB.prepare(`SELECT * FROM users WHERE id = ${userId}`).run()

Issue: Token Not Attached to Requests

Symptom: Backend receives requests without Authorization header

Cause: Not using apiClient or not calling useApiClient() hook

Fix:

  1. Call useApiClient() in App component
  2. Use apiClient.get() instead of raw fetch()
// In App.tsx
import { useApiClient } from '@/lib/api-client'
function App() {
  useApiClient() // MUST call this
  return <YourApp />
}

// In components
import { apiClient } from '@/lib/api-client'
const data = await apiClient.get('/api/data')

Integration Checklist

Before deployment, verify:

Frontend:

  • useApiClient() called in App component
  • All protected pages wrapped in <ProtectedRoute>
  • Check isLoaded before making API calls
  • Environment variables start with VITE_
  • Using apiClient for all API calls

Backend:

  • CORS middleware applied BEFORE routes
  • Auth middleware on /api/protected/* routes
  • Environment variables in .dev.vars (dev) and secrets (prod)
  • D1/KV/R2 bindings configured in wrangler.jsonc
  • Using parameterized queries for D1

Config:

  • wrangler.jsonc has correct bindings
  • vite.config.ts includes cloudflare() plugin
  • .dev.vars exists and is gitignored
  • .env exists for frontend vars
  • run_worker_first: ["/api/*"] in wrangler.jsonc

Package Versions (Verified 2025-10-23)

All packages are current stable versions:

{
  "@clerk/clerk-react": "5.53.3",
  "@clerk/backend": "2.19.0",
  "hono": "4.10.2",
  "vite": "7.1.11",
  "@cloudflare/vite-plugin": "1.13.14"
}

Official Documentation Links

Production Evidence

Patterns tested in:

Token Efficiency

Without this skill: ~12k tokens + 2-4 integration errors With this skill: ~4k tokens + 0 errors Savings: ~67% tokens, 100% error prevention

Remember: Most integration issues are just missing isLoaded checks or wrong middleware order. Use the templates and follow the step-by-step guide!

GitHub Repository

jezweb/claude-skills
Path: skills/cloudflare-full-stack-integration
aiautomationclaude-codeclaude-skillscloudflarereact

Related Skills

sglang

Meta

SGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.

View skill

evaluating-llms-harness

Testing

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.

View skill

llamaguard

Other

LlamaGuard is Meta's 7-8B parameter model for moderating LLM inputs and outputs across six safety categories like violence and hate speech. It offers 94-95% accuracy and can be deployed using vLLM, Hugging Face, or Amazon SageMaker. Use this skill to easily integrate content filtering and safety guardrails into your AI applications.

View skill

langchain

Meta

LangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.

View skill