From e740b8ee6bb482a255f638adb48e5d9c2e2212e4 Mon Sep 17 00:00:00 2001 From: Clove Twilight Date: Thu, 18 Jun 2026 02:03:04 +0100 Subject: [PATCH] Fix --- README.md | 6 +++--- src/index.ts | 29 ++++++++++++++++++----------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 6779c70..0d91216 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,6 @@ pnpx wrangler secret put TURNSTILE_SECRET # Skip this step to run with just honeypot + rate limiting. # 3. Run locally / deploy -pnpm run dev -pnpm run deploy -``` \ No newline at end of file +pnpm dev +pnpm deploy +``` diff --git a/src/index.ts b/src/index.ts index dcf7bd1..3fec03c 100644 --- a/src/index.ts +++ b/src/index.ts @@ -26,7 +26,7 @@ interface PostBody { const ENTRIES_KEY = "entries"; const MAX_ENTRIES = 1000; // keep the JSON blob bounded -const RATE_LIMIT_SECONDS = 30; // min seconds between posts from one IP +const RATE_LIMIT_SECONDS = 60; // min seconds between posts from one IP (also KV's minimum expirationTtl) const LIMITS = { name: 40, @@ -198,17 +198,24 @@ async function handlePost(request: Request, env: Env): Promise { export default { async fetch(request: Request, env: Env): Promise { - const url = new URL(request.url); + try { + const url = new URL(request.url); - if (request.method === "OPTIONS") { - return new Response(null, { status: 204, headers: corsHeaders(env) }); + if (request.method === "OPTIONS") { + return new Response(null, { status: 204, headers: corsHeaders(env) }); + } + if (request.method === "GET") { + return await handleGet(url, env); + } + if (request.method === "POST") { + return await handlePost(request, env); + } + return json({ error: "Method not allowed." }, 405, env); + } catch (err) { + // Always attach CORS headers, even on unexpected errors, so the browser + // surfaces a real message instead of a masked CORS/network error. + console.error("[guestbook] unhandled error", err); + return json({ error: "Internal error." }, 500, env); } - if (request.method === "GET") { - return handleGet(url, env); - } - if (request.method === "POST") { - return handlePost(request, env); - } - return json({ error: "Method not allowed." }, 405, env); }, } satisfies ExportedHandler;