Fastly Integration
Integration with Fastly uses its edge compute platform to perform the filtering function. The below example is specific to Fastly but the general idea is the same regardless of the CDN you are using. You'll deploy and configure a lightweight client that talks to our "auth service" to handle the checks. The specifics of that client might change depending on your CDN, but the core process of verifying access stays consistent.
This document will walk you through how to build and set up that filter, and how to connect it to the paywalls.net system. We'll show you the Fastly example and explain how to adapt it for other CDNs.
Fastly Publisher Integration Walkthrough
- Register as a publisher with paywalls.net: Sign up for an account at paywalls.net and receive your API key and publisher ID.
- Set up a Fastly Compute@Edge Service: In your Fastly account, create a new Compute@Edge service. This will be the filter that checks content access.
- Deploy the Code: Copy and adapt the provided code example into your Fastly Compute@Edge service.
- Configure API Keys and IDs: In your Fastly service settings, add your API Key and Publisher ID as Secrets or Environment Variables. Then, in your code, you can access them using
env.PAYWALLS_API_KEYandenv.PAYWALLS_PUBLISHER_ID. This keeps your API credentials out of your code repository and makes them safer. - Configure and Test: Deploy the service and configure access to your content. The service will intercept requests, check with the paywalls.net "auth service," and either allow or deny access based on the bot’s authorization.
Sample Code Description
The provided code is a Fastly Compute@Edge worker designed to filter bot-like requests using the paywalls.net handler. Here's a breakdown:
- Initialization: The
initfunction is used to initialize the paywalls.net handler for Fastly. This handler is configured to identify bots, log access attempts, and handle responses. - Main Decision: The
fetchfunction is invoked by Fastly Compute@Edge. It uses both paywalls.net user-agent classification and Fastly's bot management metadata to determine if the request is from a bot. If not, the request proceeds as normal. If it is from a bot, the Worker performs the following:- Token Extraction: The bot's OAuth2 access token is extracted from the "Authorization" request header.
- Agent Check: Metadata about the agent and the authorization token are checked via an API call to paywalls.net. This verifies whether the bot is authorized to access your content.
- Access Logging: The content access request is logged with paywalls.net. This is used for reporting and billing of bots.
- Response Handling: If access is denied, the handler returns an appropriate response (e.g., 401 Unauthorized or 402 Payment Required) along with HTML and headers provided by paywalls.net. If access is allowed, the request is passed through to the CDN for regular processing.
Sample Code
/// <reference types="@fastly/js-compute" />
import { env } from 'fastly:env';
import { ConfigStore } from 'fastly:config-store';
import { init } from '@paywalls-net/filter';
// Initialize the paywalls.net handler for Fastly
const handler = init('fastly');
// TODO: figure out how/where to call allowDynamicBackends().
// This is needed for use of fetch() within the paywalls client SDK.
async function handleRequest(event) {
// ConfigStore is only available within a request handler
const config = new ConfigStore('config_prod');
let pw_response = await handler(event.request,config);
if (pw_response) {
// If the handler returns a response, return it
return pw_response;
}
// If no response is returned, proceed with the original request
// TODO: determine how to 'delegate' processing to the regular CDN functionality.
return fetch(event.request, { backend: 'origin' });
}
addEventListener("fetch", (event) => event.respondWith(handleRequest(event)));