Serverless inventory management on Cloudflare's edge
Built with Hono + Rust + React 19 β’ Deployed on Cloudflare Workers
There was a company. It sold it's own stuff, but also reselled products from various providers. Some of these providers have normal APIs, but most just give Excel files. Every damn time.
Someone had to manually load these XLS files into our billing system. It was a mess - inconsistent formats, human errors, no way to track what's in stock.
So I built Store. It's basically a "provider for providers" - a unified place where managers can add, edit, and track products from any source. Meanwhile, I just hit the API from our billing system and everything syncs automatically.
The best part? It runs on Cloudflare Workers. No servers to rent. No DevOps guy to hire. Just deploy and forget.
Could this be another WooCommerce? Probably. But I didn't build it to compete with anyone - I built it because solving real problems is fun, and Cloudflare's edge platform is a joy to work with.
- π§ Backend API (TypeScript/Hono): RESTful API with OpenAPI documentation
- π¦ Public API (Rust/worker-rs): High-performance public endpoints for external integrations
- π¨ Frontend (React 19 SSR): Dashboard with server-side rendering
Backend API: Hono β’ TypeScript 5 β’ Zod OpenAPI β’ Prisma ORM
Public API: Rust β’ worker-rs β’ serde β’ KV caching
Frontend: React 19 SSR β’ Tailwind CSS v4 β’ DaisyUI 5 β’ Zustand
Authentication: Google OAuth β’ API Tokens with permissions
Database & Storage: Cloudflare D1 (SQLite) β’ Cloudflare R2 β’ Cloudflare KV
Deployment: Cloudflare Workers (TypeScript + Rust via WASM)
- π’ Node.js 20+
- π§ Wrangler CLI (
npm install -g wrangler) - βοΈ Cloudflare account
git clone git@github.com:erimeilis/store.git
cd store
npm install && cd frontend && npm install && cd ..npm run dev # Local D1 database
npm run dev:remote # Remote preview D1 databaseThis starts three workers with:
- π¨ Frontend: http://localhost:5173
- π§ Backend API: http://localhost:8787
- π¦ Rust Public API: http://localhost:8788
- πΎ Database: Local
.wrangler/state/or remote preview D1
The script automatically:
- π Updates wrangler to latest version
- π Scans and loads modules
- βοΈ Generates configuration files
- π Starts both workers with shared database
Press Ctrl+C to stop both services.
npm run deploy # Deploy all workers (backend, public-api, frontend)
npm run deploy:api # Deploy backend API only
npm run deploy:public-api # Deploy Rust public API only
npm run deploy:admin # Deploy frontend onlyThe deployment script handles everything automatically. Just configure .env:
-
Copy environment template:
cp .env.example .env
-
Set required values in
.env:CLOUDFLARE_ACCOUNT_ID=your-account-id ZONE_NAME=yourdomain.com API_DOMAIN=api.yourdomain.com FRONTEND_DOMAIN=admin.yourdomain.com GOOGLE_CLIENT_ID=your-google-client-id GOOGLE_CLIENT_SECRET=your-google-client-secret
-
Deploy (creates D1 databases, KV namespaces, applies migrations, seeds tokens, uploads secrets):
wrangler login npm run deploy
That's it! The deploy script automatically:
- Creates D1 databases if they don't exist
- Ensures KV namespaces are configured
- Applies all database migrations
- Seeds authentication tokens
- Uploads secrets to Cloudflare
- Deploys all workers
First user to login becomes admin automatically.
npm run dev # Local D1 database
npm run dev:remote # Remote preview D1 databasenpm run deploy # Deploy all workers
npm run deploy:api # Deploy backend API only
npm run deploy:public-api # Deploy Rust public API only
npm run deploy:admin # Deploy frontend onlytsx scripts/db-reset.ts local # Reset local D1
tsx scripts/db-reset.ts preview # Reset preview D1
tsx scripts/db-reset.ts production # Reset production D1 (with confirmation)npm run build # Type check backend
npm run test # Run tests (Vitest)
npm run test:run # Run tests once
cd admin
npm run type-check # Type check frontend
npm run lint # Run ESLint
npm run lint:fix # Auto-fix lint issues# Flood tests for load testing
npx tsx scripts/flood-test.ts --preset=public --rps=50 --duration=10
# A/B comparison: Rust vs TypeScript
npx tsx scripts/ab-test.ts --env=local
npx tsx scripts/ab-test.ts --env=production- β Create any table structure on the fly
- β 17+ column types (text, number, date, boolean, email, url, phone, country, etc.)
- β Column validation and constraints
- β Required fields and default values
- β Inline editing with type-aware inputs
- β Mass actions: delete, set column value (with validation)
- β Table cloning with data
Extend Store with JSON-based modules - no code execution, just pure configuration:
- β Custom Column Types: Define new column types with validation, formatting, and data sources
- β
External API Integration: Fetch entities from any external API (providers, catalogs, inventories)
- Bearer, Basic, and custom header authentication
- Response mapping with JSON path selectors
- Configurable caching (5m to 7d)
- Settings references for dynamic configuration
- β Table Generators: Auto-generate tables with predefined schemas and fake data
- β Built-in Types: Phone numbers, multiselect with grouped options, and more
- β KV Caching: All external API responses are cached in Cloudflare KV
- β Admin UI: Install, configure, and manage modules from the dashboard
Example: Fetch products from external provider API
{
"source": {
"type": "api",
"endpoint": "$settings.providerApiUrl/products",
"auth": { "type": "bearer", "token": "$settings.apiToken" },
"responseSchema": { "dataPath": "data.items" },
"valueField": "sku",
"labelField": "name",
"cache": "1h"
}
}- β
Protected
priceandqtycolumns - β Item purchasing workflow via API
- β Sales transaction tracking
- β Inventory management with audit trail
- β
Protected
price,fee,used,availablecolumns - β Rental periods: hourly, daily, weekly, monthly, yearly
- β Rent and release workflows via API
- β Availability management
- β Import from Excel (XLS, XLSX)
- β Import from CSV
- β Import from Google Sheets
- β Column mapping with auto-detection
- β Preview before import
- β Data validation with error reporting
- β Google OAuth for dashboard
- β API tokens with read/write permissions
- β IP whitelist for tokens
- β Domain restrictions
- β Email-based access control
- β RESTful API with OpenAPI/Swagger docs
- β Bearer token authentication
- β Public endpoints for integrations
- β Purchase and rental operations
- β Search and filtering with pagination
# Tables
GET /api/tables # List all tables
POST /api/tables # Create table
GET /api/tables/:id # Get table with columns
PUT /api/tables/:id # Update table
DELETE /api/tables/:id # Delete table
# Columns
GET /api/tables/:id/columns # List columns
POST /api/tables/:id/columns # Add column
PATCH /api/tables/:id/columns/:colId # Update column
DELETE /api/tables/:id/columns/:colId # Delete column
# Data
GET /api/tables/:id/data # List rows (paginated)
POST /api/tables/:id/data # Add row
PUT /api/tables/:id/data/:rowId # Update row
DELETE /api/tables/:id/data/:rowId # Delete row
POST /api/tables/:id/data/mass # Mass actions (delete, set_field_value)
# Validation
GET /api/tables/:id/validate # Validate all rows
DELETE /api/tables/:id/invalid-rows # Delete invalid rows
# Import
POST /api/tables/:id/parse-import-file # Parse XLS/CSV
POST /api/tables/:id/parse-google-sheets # Parse Google Sheets
POST /api/tables/:id/import-data # Import with mapping
# Public (for integrations)
GET /api/public/tables # List public tables
GET /api/public/tables/:id/items # Get items
POST /api/public/buy # Purchase items
POST /api/public/rent # Rent items
POST /api/public/release # Release rented items
# Auth header
Authorization: Bearer YOUR_TOKEN/
βββ π§ api/ # Backend TypeScript API
β βββ src/
β β βββ routes/ # API route handlers
β β βββ services/ # Business logic layer
β β βββ repositories/ # Data access layer
β β βββ middleware/ # Auth & validation
β β βββ types/ # TypeScript definitions
β β βββ utils/ # Utility functions
β βββ prisma/ # Database schema & migrations
β βββ wrangler.toml # Backend deployment config
βββ π¦ public-api/ # Rust high-performance API
β βββ src/ # Rust source code
β βββ Cargo.toml # Rust dependencies
β βββ wrangler.toml # Rust worker config
βββ π¨ admin/ # React SSR frontend
β βββ src/
β βββ app/ # Page components
β βββ components/ # UI components
β βββ handlers/ # SSR route handlers
β βββ lib/ # Client utilities
βββ 𧩠modules/ # Extension modules (JSON)
βββ π± seeds/ # Test data generators
βββ π scripts/ # Build, deploy & test scripts
β βββ deploy.js # Deployment orchestration
β βββ flood-test.ts # Load testing
β βββ ab-test.ts # A/B performance comparison
βββ π§ͺ test/ # Test suites
Migrations are located in prisma/migrations/:
| Migration | Description |
|---|---|
| 001_auth | Users, sessions, tokens, allowed emails |
| 002_dynamic_tables | User tables, columns, data |
| 004_commerce | Sales, inventory transactions, rentals |
| 005_ecommerce_settings | Product ID column, rental periods |
| 006_token_admin | Token metadata and permissions |
| 007_modules | Installed modules tracking |
Port conflicts:
# Ports are automatically cleared by dev scripts, but if needed:
lsof -ti:5173 | xargs kill -9 # Frontend
lsof -ti:8787 | xargs kill -9 # Backend
lsof -ti:8788 | xargs kill -9 # Rust public APIDatabase issues:
npm run db:reset:local # Clear and reset local databaseClean rebuild:
rm -rf node_modules admin/node_modules
npm install && cd admin && npm installRust worker build issues:
cd public-api
worker-build --release # Rebuild Rust workerWhen deploying to production with Cloudflare WAF enabled, you may need to adjust security settings:
- Rate Limiting: Configure appropriate rate limits for API endpoints
- Bot Protection: Whitelist legitimate API consumers
- Security Rules: Review managed rules that may block legitimate API traffic
- IP Access Rules: Configure trusted IP ranges for monitoring/testing
Note: WAF rules should be reviewed and adjusted based on your specific traffic patterns and security requirements.
- Billing System - Invoice generation, payment tracking, billing cycles
- Webhooks for external integrations
- Advanced analytics dashboard
- Custom field validators via modules
- Export to Excel/CSV
- Hono - Ultrafast web framework
- Rust - High-performance systems language
- worker-rs - Rust SDK for Cloudflare Workers
- Cloudflare Workers - Serverless platform
- Cloudflare D1 - SQLite at the edge
- React 19 - UI library
- TypeScript - Type safety
- Prisma - Database ORM
- Zod - Schema validation
- Vitest - Testing framework
- esbuild - Fast bundler
- wasm-pack - Rust to WASM toolchain
- Tailwind CSS v4 - Utility-first CSS
- DaisyUI - Component library
- Tabler Icons - Icon set
MIT License - see LICENSE file for details.
Made with ππ using Hono, Rust, and Cloudflare Workers