C3 (create-cloudflare-cli) is a command-line tool designed to help you set up and deploy Workers & Pages applications to Cloudflare as fast as possible.
For What would you like to start with?, choose Hello World example.
For Which template would you like to use?, choose Hello World Worker.
For Which language do you want to use?, choose JavaScript.
For Do you want to use git for version control?, choose Yes.
For Do you want to deploy your application?, choose No (we will be making some changes before deploying).
Then, move into your newly created directory:
2. Create your bucket
Create your bucket by running:
To check that your bucket was created, run:
After running the list command, you will see all bucket names, including the one you have just created.
3. Bind your bucket to a Worker
You will need to bind your bucket to a Worker.
To bind your R2 bucket to your Worker, add the following to your wrangler.toml file. Update the binding property to a valid JavaScript variable identifier and bucket_name to the <YOUR_BUCKET_NAME> you used to create your bucket in step 2:
Within your Worker code, your bucket is now available under the MY_BUCKET variable and you can begin interacting with it.
An R2 bucket is able to READ, LIST, WRITE, and DELETE objects. You can see an example of all operations below using the Module Worker syntax. Add the following snippet into your project's index.js file:
5. Bucket access and privacy
With the above code added to your Worker, every incoming request has the ability to interact with your bucket. This means your bucket is publicly exposed and its contents can be accessed and modified by undesired actors.
You must now define authorization logic to determine who can perform what actions to your bucket. This logic lives within your Worker's code, as it is your application's job to determine user privileges. The following is a short list of resources related to access and authorization practices:
Using Custom Headers: Allow or deny a request based on a known pre-shared key in a header.
Continuing with your newly created bucket and Worker, you will need to protect all bucket operations.
For PUT and DELETE requests, you will make use of a new AUTH_KEY_SECRET environment variable, which you will define later as a Wrangler secret.
For GET requests, you will ensure that only a specific file can be requested. All of this custom logic occurs inside of an authorizeRequest function, with the hasValidHeader function handling the custom header logic. If all validation passes, then the operation is allowed.
For this to work, you need to create a secret via Wrangler:
This command will prompt you to enter a secret in your terminal:
This secret is now available as AUTH_KEY_SECRET on the env parameter in your Worker.
6. Deploy your bucket
With your Worker and bucket set up, run the npx wrangler deploycommand to deploy to Cloudflare's global network:
You can verify your authorization logic is working through the following commands, using your deployed Worker endpoint:
By completing this guide, you have successfully installed Wrangler and deployed your R2 bucket to Cloudflare.