Skip to content

Comments

accounts: move challenges and OTPs from D1 to KV#594

Closed
deodad wants to merge 3 commits intomainfrom
accounts-kv-ephemeral
Closed

accounts: move challenges and OTPs from D1 to KV#594
deodad wants to merge 3 commits intomainfrom
accounts-kv-ephemeral

Conversation

@deodad
Copy link
Contributor

@deodad deodad commented Feb 13, 2026

Summary

Move ephemeral data (challenges, email OTPs) from D1 to Cloudflare KV with native TTL. Fix passkey login challenge encoding mismatch.

Motivation

Challenges and OTPs are short-lived (5min), keyed by a single value, and don't need relational queries. KV is a better fit — native TTL replaces manual expiry checks, and we eliminate two D1 tables.

Passkey login was always returning "invalid or expired challenge" because the challenge stored in KV was keyed by hex, but the lookup used the base64url-encoded value from clientDataJSON.

Changes

  • Add src/kv.ts with challenge and OTP functions backed by KV
  • Remove challengesTable and emailOtpsTable from drizzle schema (src/db/schema.ts)
  • Remove challenge/OTP methods from src/db/repo.ts
  • Update src/routes/auth.ts and src/routes/wallets.ts to use kv.*
  • Add KV namespace binding to wrangler.jsonc and env.d.ts
  • Remove otp prefix from src/db/ids.ts
  • Fix passkey challenge encoding: decode base64url → hex before KV lookup, pass base64url to verifyAssertion
  • Remove legacy email_auth_session and __Host-session cookie cleanup
  • Simplify sessionCookies and clearSessionCookies

Testing

pnpm check        # ✅ zero errors (pre-existing og failures only)
pnpm test          # ✅ 18 tests passed

Old D1 tables can be dropped via db:push after deploy.

deodad and others added 2 commits February 13, 2026 11:25
The existing key store got accidentally nuked. Use a new key store.
Ephemeral data (challenges, email OTPs) now use Cloudflare KV with
native TTL instead of D1 tables with manual expiry checks.

- Add src/kv.ts with challenge/OTP functions backed by KV
- Remove challengesTable and emailOtpsTable from drizzle schema
- Remove challenge/OTP methods from repo (D1)
- Update auth and wallet routes to use kv.* functions
- Add KV namespace binding (ACCOUNTS_KV + preview)

Amp-Thread-ID: https://ampcode.com/threads/T-019c5848-6731-70b6-86a9-66699abf0b43
Co-authored-by: Amp <amp@ampcode.com>
@github-actions
Copy link

github-actions bot commented Feb 13, 2026

Bundle Size Report

Metric Size Δ Change
Total 5.3 MB +512.3 KB (+10.5%)
Gzip 1.5 MB +188.3 KB (+14.1%)
Brotli 1.3 MB +157.3 KB (+13.6%)
Chunk changes (>1KB)
Chunk Change
assets/QueryBuilder.js (removed) -423.4 KB
assets/createSsrRpc.js (removed) -43.8 KB
assets/stringify.js (removed) -19.7 KB
assets/base.js (removed) -12.8 KB
assets/useWatchBlockNumber.js (removed) -2.1 KB
assets/utils.js -1.7 KB
assets/Intro.js +1.2 KB
assets/profiling.js +1.3 KB
assets/useChainId.js +1.7 KB
assets/_layout.js +1.7 KB
assets/wagmi.config.js +3.9 KB
assets/block-number.js (new) +4.3 KB
assets/_address.js +9.2 KB
assets/isAddressEqual.js +19.0 KB
index.js +92.4 KB
assets/router.js +156.8 KB
assets/fetch.js (new) +249.2 KB
assets/tempo-queries.js (new) +474.9 KB

Compared against main branch (baseline from 2/4/2026, 5:13:51 PM)

@github-actions
Copy link

github-actions bot commented Feb 13, 2026

Cloudflare Deployments

App Environment Status Preview
api - [OK] Deployed View Preview
explorer devnet [OK] Deployed View Preview
explorer moderato [OK] Deployed View Preview
explorer presto [OK] Deployed View Preview
explorer testnet [OK] Deployed View Preview
fee-payer devnet [OK] Deployed View Preview
fee-payer privy [OK] Deployed View Preview
fee-payer testnet [OK] Deployed View Preview
og - [OK] Deployed View Preview
tokenlist - [OK] Deployed View Preview

- Decode base64url challenge from clientDataJSON back to hex for KV lookup
- Pass original base64url challenge to verifyAssertion for comparison
- Remove legacy email_auth_session cookie cleanup
- Remove __Host-session clearing
- Simplify sessionCookies and clearSessionCookies

Amp-Thread-ID: https://ampcode.com/threads/T-019c58a5-1497-716a-8c73-260f4b29bbb5
Co-authored-by: Amp <amp@ampcode.com>
@deodad deodad closed this Feb 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant