diff --git a/src/content/changelog/workers/2025-01-28-nodejs-compat-improvements.mdx b/src/content/changelog/workers/2025-01-28-nodejs-compat-improvements.mdx index 6d35bd073a7cb91..5a6a8bd862a1710 100644 --- a/src/content/changelog/workers/2025-01-28-nodejs-compat-improvements.mdx +++ b/src/content/changelog/workers/2025-01-28-nodejs-compat-improvements.mdx @@ -41,7 +41,7 @@ export default { ```` -Additionally, you can now use other APIs incliding [`net.BlockList`](https://nodejs.org/api/net.html#class-netblocklist) and +Additionally, you can now use other APIs including [`net.BlockList`](https://nodejs.org/api/net.html#class-netblocklist) and [`net.SocketAddress`](https://nodejs.org/api/net.html#class-netsocketaddress). Note that [`net.Server`](https://nodejs.org/api/net.html#class-netserver) is not supported. diff --git a/src/content/changelog/workers/2025-02-03-workers-metrics-revamp.mdx b/src/content/changelog/workers/2025-02-03-workers-metrics-revamp.mdx index 8e34482b92ddf33..ca7791066fefdb0 100644 --- a/src/content/changelog/workers/2025-02-03-workers-metrics-revamp.mdx +++ b/src/content/changelog/workers/2025-02-03-workers-metrics-revamp.mdx @@ -1,18 +1,18 @@ --- -title: Revamped Workers Metrics +title: Revamped Workers Metrics description: Monitor your Worker's performance with a default set of automatically enabled metrics. products: - workers date: 2025-02-03T18:00:00Z --- -We've revamped the [Workers Metrics dashboard](https://dash.cloudflare.com/?to=/:account/workers/services/view/:worker/production/metrics/). +We've revamped the [Workers Metrics dashboard](https://dash.cloudflare.com/?to=/:account/workers/services/view/:worker/production/metrics/). ![Workers Metrics dashboard](~/assets/images/workers/observability/workers-metrics.png) Now you can easily compare metrics across Worker versions, understand the current state of a [gradual deployment](/workers/configuration/versions-and-deployments/gradual-deployments/), and review key Workers metrics in a single view. This new interface enables you to: -- Drag-and-select using a graphical timepicker for precise metric selection. +- Drag-and-select using a graphical timepicker for precise metric selection. ![Workers Metrics graphical timepicker](~/assets/images/workers/observability/metrics-graphical-timepicker.png) diff --git a/src/content/changelog/workers/2025-04-08-nodejs-crypto-and-tls.mdx b/src/content/changelog/workers/2025-04-08-nodejs-crypto-and-tls.mdx new file mode 100644 index 000000000000000..cf532b8074ff613 --- /dev/null +++ b/src/content/changelog/workers/2025-04-08-nodejs-crypto-and-tls.mdx @@ -0,0 +1,75 @@ +--- +title: Improved support for Node.js Crypto and TLS APIs in Workers +description: Node.js APIs from the node:crypto and node:tls modules are now available when using nodejs_compat. +products: + - workers +date: 2025-04-08T14:00:00Z +hidden: true +--- + +import { Render, PackageManagers, TypeScriptExample } from "~/components"; + +When using a Worker with the [`nodejs_compat`](/workers/runtime-apis/nodejs/) compatibility flag enabled, +the following Node.js APIs are now available: + +- [`node:crypto`](/workers/runtime-apis/nodejs/crypto/) +- [`node:tls`](/workers/runtime-apis/nodejs/tls/) + +This make it easier to reuse existing Node.js code in Workers or use npm packages that depend on these APIs. + +#### node:crypto + +The full [`node:crypto`](https://nodejs.org/api/crypto.html) API is now available in Workers. + +You can use it to verify and sign data: + +```js +import { sign, verify } from "node:crypto"; + +const signature = sign("sha256", "-data to sign-", env.PRIVATE_KEY); +const verified = verify("sha256", "-data to sign-", env.PUBLIC_KEY, signature); +``` + +Or, to encrypt and decrypt data: + +```js +import { publicEncrypt, privateDecrypt } from "node:crypto"; + +const encrypted = publicEncrypt(env.PUBLIC_KEY, "some data"); +const plaintext = privateDecrypt(env.PRIVATE_KEY, encrypted); +``` + +See the [`node:crypto` documentation](/workers/runtime-apis/nodejs/crypto/) for more information. + +#### node:tls + +The following APIs from `node:tls` are now available: + +- [`connect`](https://nodejs.org/api/tls.html#tlsconnectoptions-callback) +- [`TLSSocket`](https://nodejs.org/api/tls.html#class-tlstlssocket) +- [`checkServerIdentity`](https://nodejs.org/api/tls.html#tlscheckserveridentityhostname-cert) +- [`createSecureContext`](https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions) + +This enables secure connections over TLS (Transport Layer Security) to external services. + +```js +import { connect } from "node:tls"; + +// ... in a request handler ... +const connectionOptions = { key: env.KEY, cert: env.CERT }; +const socket = connect(url, connectionOptions, () => { + if (socket.authorized) { + console.log("Connection authorized"); + } +}); + +socket.on("data", (data) => { + console.log(data); +}); + +socket.on("end", () => { + console.log("server ends connection"); +}); +``` + +See the [`node:tls` documentation](/workers/runtime-apis/nodejs/tls/) for more information. diff --git a/src/content/docs/workers/runtime-apis/nodejs/crypto.mdx b/src/content/docs/workers/runtime-apis/nodejs/crypto.mdx index 0666aac432e30cc..fa505d33d463a4f 100644 --- a/src/content/docs/workers/runtime-apis/nodejs/crypto.mdx +++ b/src/content/docs/workers/runtime-apis/nodejs/crypto.mdx @@ -1,6 +1,6 @@ --- pcx_content_type: configuration -title: Crypto +title: crypto --- import { Render } from "~/components"; @@ -9,134 +9,13 @@ import { Render } from "~/components"; The `node:crypto` module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. -A subset of the `node:crypto` module is available in Workers. All APIs in the tables below with a ✅ are supported, and unless otherwise noted, work the same way as the implementations in Node.js. +All `node:crypto` APIs are fully supported in Workers with the following exceptions: -The [WebCrypto API](/workers/runtime-apis/web-crypto/) is also available within Cloudflare Workers. +- The functions [generateKeyPair](https://nodejs.org/api/crypto.html#cryptogeneratekeypairtype-options-callback) and [generateKeyPairSync](https://nodejs.org/api/crypto.html#cryptogeneratekeypairsynctype-options) + do not support DSA or DH key pairs. +- `ed448` and `x448` curves are not supported. -## Classes +The full `node:crypto` API is documented in the [Node.js documentation for `node:crypto`](https://nodejs.org/api/crypto.html). -| API | Supported? | Notes | -| --------------------------------------------------------------------------------- | ---------- | ----- | -| [Certificate](https://nodejs.org/api/crypto.html#class-certificate) | ✅ | | -| [Cipher](https://nodejs.org/api/crypto.html#class-cipher) | | | -| [Decipher](https://nodejs.org/api/crypto.html#class-decipher) | | | -| [DiffieHellman](https://nodejs.org/api/crypto.html#class-diffiehellman) | ✅ | | -| [DiffieHellmanGroup](https://nodejs.org/api/crypto.html#class-diffiehellmangroup) | ✅ | | -| [ECDH](https://nodejs.org/api/crypto.html#class-ecdh) | | | -| [Hash](https://nodejs.org/api/crypto.html#class-hash) | ✅ | | -| [Hmac](https://nodejs.org/api/crypto.html#class-hmac) | ✅ | | -| [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) | ✅ | | -| [Sign](https://nodejs.org/api/crypto.html#class-sign) | | | -| [Verify](https://nodejs.org/api/crypto.html#class-verify) | | | -| [X509Certificate](https://nodejs.org/api/crypto.html#class-x509certificate) | ✅ | | -| [constants](https://nodejs.org/api/crypto.html#cryptoconstants) | | | - -## Primes - -| API | Supported? | Notes | -| -------------------------------------------------------------------------------------------- | ---------- | ----- | -| [checkPrime](https://nodejs.org/api/crypto.html#cryptocheckprimecandidate-options-callback) | ✅ | | -| [checkPrimeSync](https://nodejs.org/api/crypto.html#cryptocheckprimesynccandidate-options) | ✅ | | -| [generatePrime](https://nodejs.org/api/crypto.html#cryptogenerateprimesize-options-callback) | ✅ | | -| [generatePrimeSync](https://nodejs.org/api/crypto.html#cryptogenerateprimesyncsize-options) | ✅ | | - -## Ciphers - -| API | Supported? | Notes | -| ----------------------------------------------------------------------------------------------------- | ---------- | ------------------------------------------ | -| [createCipher](https://nodejs.org/api/crypto.html#cryptocreatecipheralgorithm-password-options) | | Deprecated, use `createCipheriv` instead | -| [createCipheriv](https://nodejs.org/api/crypto.html#cryptocreatecipherivalgorithm-key-iv-options) | | | -| [createDecipher](https://nodejs.org/api/crypto.html#cryptocreatedecipheralgorithm-password-options) | | Deprecated, use `createDecipheriv` instead | -| [createDecipheriv](https://nodejs.org/api/crypto.html#cryptocreatedecipherivalgorithm-key-iv-options) | | | -| [privateDecrypt](https://nodejs.org/api/crypto.html#cryptoprivatedecryptprivatekey-buffer) | | | -| [privateEncrypt](https://nodejs.org/api/crypto.html#cryptoprivateencryptprivatekey-buffer) | | | -| [publicDecrypt](https://nodejs.org/api/crypto.html#cryptopublicdecryptkey-buffer) | | | -| [publicEncrypt](https://nodejs.org/api/crypto.html#cryptopublicencryptkey-buffer) | | | - -## DiffieHellman - -| API | Supported? | Notes | -| ----------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ----- | -| [createDiffieHellman(prime)](https://nodejs.org/api/crypto.html#cryptocreatediffiehellmanprime-primeencoding-generator-generatorencoding) | ✅ | | -| [createDiffieHellman(primeLength)](https://nodejs.org/api/crypto.html#cryptocreatediffiehellmanprimelength-generator) | ✅ | | -| [createDiffieHellmanGroup](https://nodejs.org/api/crypto.html#cryptocreatediffiehellmangroupname) | ✅ | | -| [createECDH](https://nodejs.org/api/crypto.html#cryptocreateecdhcurvename) | | | -| [diffieHellman](https://nodejs.org/api/crypto.html#cryptodiffiehellmanoptions) | | | -| [getDiffieHellman](https://nodejs.org/api/crypto.html#cryptogetdiffiehellmangroupname) | ✅ | | - -## Hash - -| API | Supported? | Notes | -| -------------------------------------------------------------------------------------- | ---------- | ----- | -| [createHash](https://nodejs.org/api/crypto.html#cryptocreatehashalgorithm-options) | ✅ | | -| [createHmac](https://nodejs.org/api/crypto.html#cryptocreatehmacalgorithm-key-options) | ✅ | | -| [getHashes](https://nodejs.org/api/crypto.html#cryptogethashes) | ✅ | | - -## Keys - -| API | Supported? | Notes | -| ------------------------------------------------------------------------------------------------ | ---------- | ----- | -| [createPrivateKey](https://nodejs.org/api/crypto.html#cryptocreateprivatekeykey) | ✅ | | -| [createPublicKey](https://nodejs.org/api/crypto.html#cryptocreatepublickeykey) | ✅ | | -| [createSecretKey](https://nodejs.org/api/crypto.html#cryptocreatesecretkeykey-encoding) | ✅ | | -| [generateKey](https://nodejs.org/api/crypto.html#cryptogeneratekeytype-options-callback) | ✅ | | -| [generateKeyPair](https://nodejs.org/api/crypto.html#cryptogeneratekeypairtype-options-callback) | ✅ | Does not support DSA or DH key pairs | -| [generateKeyPairSync](https://nodejs.org/api/crypto.html#cryptogeneratekeypairsynctype-options) | ✅ | Does not support DSA or DH key pairs | -| [generateKeySync](https://nodejs.org/api/crypto.html#cryptogeneratekeysynctype-options) | ✅ | | - -## Sign/Verify - -| API | Supported? | Notes | -| ---------------------------------------------------------------------------------------------- | ---------- | ----- | -| [createSign](https://nodejs.org/api/crypto.html#cryptocreatesignalgorithm-options) | | | -| [createVerify](https://nodejs.org/api/crypto.html#cryptocreateverifyalgorithm-options) | | | -| [sign](https://nodejs.org/api/crypto.html#cryptosignalgorithm-data-key-callback) | | | -| [verify](https://nodejs.org/api/crypto.html#cryptoverifyalgorithm-data-key-signature-callback) | | | - -## Misc - -| API | Supported? | Notes | -| ---------------------------------------------------------------------------------------- | ---------- | ----- | -| [getCipherInfo](https://nodejs.org/api/crypto.html#cryptogetcipherinfonameornid-options) | | | -| [getCiphers](https://nodejs.org/api/crypto.html#cryptogetciphers) | ✅ | | -| [getCurves](https://nodejs.org/api/crypto.html#cryptogetcurves) | ✅ | | -| [secureHeapUsed](https://nodejs.org/api/crypto.html#cryptosecureheapused) | ✅ | | -| [setEngine](https://nodejs.org/api/crypto.html#cryptosetengineengine-flags) | ✅ | | -| [timingSafeEqual](https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b) | ✅ | | - -## Fips - -| API | Supported? | Notes | -| --------------------------------------------------------------- | ---------- | ----------------------------------- | -| [getFips](https://nodejs.org/api/crypto.html#cryptogetfips) | ✅ | | -| [fips](https://nodejs.org/api/crypto.html#cryptofips) | ✅ | Deprecated, use `getFips()` instead | -| [setFips](https://nodejs.org/api/crypto.html#cryptosetfipsbool) | ✅ | | - -## Random - -| API | Supported? | Notes | -| -------------------------------------------------------------------------------------------- | ---------- | ----- | -| [getRandomValues](https://nodejs.org/api/crypto.html#cryptogetrandomvaluestypedarray) | ✅ | | -| [randomBytes](https://nodejs.org/api/crypto.html#cryptorandombytessize-callback) | ✅ | | -| [randomFillSync](https://nodejs.org/api/crypto.html#cryptorandomfillsyncbuffer-offset-size) | ✅ | | -| [randomFill](https://nodejs.org/api/crypto.html#cryptorandomfillbuffer-offset-size-callback) | ✅ | | -| [randomInt](https://nodejs.org/api/crypto.html#cryptorandomintmin-max-callback) | ✅ | | -| [randomUUID](https://nodejs.org/api/crypto.html#cryptorandomuuidoptions) | ✅ | | - -## Key Derivation - -| API | Supported? | Notes | -| ------------------------------------------------------------------------------------------------------------ | ---------- | ------------------------------ | -| [hkdf](https://nodejs.org/api/crypto.html#cryptohkdfdigest-ikm-salt-info-keylen-callback) | ✅ | Does not yet support KeyObject | -| [hkdfSync](https://nodejs.org/api/crypto.html#cryptohkdfsyncdigest-ikm-salt-info-keylen) | ✅ | Does not yet support KeyObject | -| [pbkdf2](https://nodejs.org/api/crypto.html#cryptopbkdf2password-salt-iterations-keylen-digest-callback) | ✅ | | -| [pbkdf2Sync](https://nodejs.org/api/crypto.html#cryptopbkdf2password-salt-iterations-keylen-digest-callback) | ✅ | | -| [scrypt](https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback) | ✅ | | -| [scryptSync](https://nodejs.org/api/crypto.html#cryptoscryptsyncpassword-salt-keylen-options) | ✅ | | - -## WebCrypto - -| API | Supported? | Notes | -| --------------------------------------------------------- | ---------- | ----- | -| [subtle](https://nodejs.org/api/crypto.html#cryptosubtle) | ✅ | | -| [webcrypto](https://nodejs.org/api/crypto.html#) | ✅ | | +The [WebCrypto API](/workers/runtime-apis/web-crypto/) is also available within Cloudflare Workers. This does not +require the `nodejs_compat` compatibility flag. diff --git a/src/content/docs/workers/runtime-apis/nodejs/tls.mdx b/src/content/docs/workers/runtime-apis/nodejs/tls.mdx new file mode 100644 index 000000000000000..8f01c7dd16247eb --- /dev/null +++ b/src/content/docs/workers/runtime-apis/nodejs/tls.mdx @@ -0,0 +1,43 @@ +--- +pcx_content_type: configuration +title: tls +--- + +import { Render, TypeScriptExample } from "~/components"; + + + +You can use [`node:tls`](https://nodejs.org/api/tls.html) to create secure connections to +external services using [TLS](https://developer.mozilla.org/en-US/docs/Web/Security/Transport_Layer_Security) (Transport Layer Security). + +```js +import { connect } from "node:tls"; + +// ... in a request handler ... +const connectionOptions = { key: env.KEY, cert: env.CERT }; +const socket = connect(url, connectionOptions, () => { + if (socket.authorized) { + console.log("Connection authorized"); + } +}); + +socket.on("data", (data) => { + console.log(data); +}); + +socket.on("end", () => { + console.log("server ends connection"); +}); +``` + +The following APIs are available: + +- [`connect`](https://nodejs.org/api/tls.html#tlsconnectoptions-callback) +- [`TLSSocket`](https://nodejs.org/api/tls.html#class-tlstlssocket) +- [`checkServerIdentity`](https://nodejs.org/api/tls.html#tlscheckserveridentityhostname-cert) +- [`createSecureContext`](https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions) + +All other APIs, including [`tls.Server`](https://nodejs.org/api/tls.html#class-tlsserver) and [`tls.createServer`](https://nodejs.org/api/tls.html#tlscreateserveroptions-secureconnectionlistener), +are not supported and will throw a `Not implemented` error when called. + +The full `node:tls` API is documented in the [Node.js documentation for `node:tls`](https://nodejs.org/api/tls.html).