feat(storage): migrate to D1 for encrypted blob storage

teycir · teycir · commit ab813137ab19 · 2025-12-22T19:36:07.000+01:00
This commit migrates the encrypted blob storage mechanism from Cloudflare R2 to Cloudflare D1. This change streamlines the infrastructure, reduces operational complexity, and consolidates all data (metadata and blobs) within the D1 database for improved consistency and edge performance.

BREAKING CHANGE: The maximum file size for seals has been reduced from 25MB to 750KB. This is due to Cloudflare D1's column size limitations when storing base64 encoded blobs.
diff --git a/README.md b/README.md
@@ -203,7 +203,7 @@ sequenceDiagram
 **✅ YES, BY DESIGN.** The URL hash is never sent to the server (unlike query parameters). HTTPS protects it in transit. Browser history/bookmarks are your responsibility—treat vault links like passwords. This is the tradeoff for zero-trust, no-authentication security. Alternative approaches (server-side key storage, password protection) would defeat the entire architecture.
 
 ### "Can I delete or cancel a seal after creating it?"
-- **Timed Release:** ❌ NO. WORM storage prevents deletion.
+- **Timed Release:** ❌ NO. Cannot be deleted once created.
 - **Dead Man's Switch:** ✅ YES. Use the pulse token to burn the seal permanently.
 
 ### "Can I spam seal creation with bots?"
diff --git a/app/api/health/route.ts b/app/api/health/route.ts
@@ -1,6 +1,6 @@
 import { getCloudflareContext } from '@opennextjs/cloudflare';
 import { jsonResponse } from '@/lib/apiHandler';
-import { r2CircuitBreaker } from '@/lib/circuitBreaker';
+import { storageCircuitBreaker } from '@/lib/circuitBreaker';
 
 export async function GET() {
   try {
@@ -11,7 +11,7 @@ export async function GET() {
       timestamp: Date.now(),
       version: '0.1.0',
       services: {
-        storage: r2CircuitBreaker.getState(),
+        storage: storageCircuitBreaker.getState(),
         database: env?.DB ? 'operational' : 'not configured',
         encryption: env?.MASTER_ENCRYPTION_KEY ? 'configured' : 'missing',
       },
diff --git a/app/components/StructuredData.tsx b/app/components/StructuredData.tsx
@@ -20,7 +20,7 @@ export function StructuredData() {
       'Zero-trust architecture',
       'Split-key cryptography',
       'Cloudflare edge deployment',
-      'R2 object lock storage',
+      'D1 database storage',
     ],
     screenshot: 'https://timeseal.dev/explainerimage.png',
     aggregateRating: {
diff --git a/app/faq/page.tsx b/app/faq/page.tsx
@@ -24,7 +24,7 @@ export default function FAQPage() {
         <Card className="p-4 sm:p-6 md:p-8 space-y-6">
           <div>
             <h3 className="text-base sm:text-lg font-bold text-neon-green mb-2">What is the maximum file size?</h3>
-            <p className="text-neon-green/60 text-sm">25 MB per seal (Cloudflare Pages limit).</p>
+            <p className="text-neon-green/60 text-sm">750 KB per seal (D1 database limit with base64 encoding).</p>
           </div>
 
           <div>
@@ -44,17 +44,17 @@ export default function FAQPage() {
 
           <div>
             <h3 className="text-base sm:text-lg font-bold text-neon-green mb-2">Can I cancel or delete a seal?</h3>
-            <p className="text-neon-green/60 text-sm">Dead Man&apos;s Switch seals can be burned (permanently destroyed) using the pulse token. Timed seals cannot be deleted due to WORM storage.</p>
+            <p className="text-neon-green/60 text-sm">Dead Man&apos;s Switch seals can be burned (permanently destroyed) using the pulse token. Timed seals cannot be deleted.</p>
           </div>
 
           <div>
             <h3 className="text-base sm:text-lg font-bold text-neon-green mb-2">Where is my data stored?</h3>
-            <p className="text-neon-green/60 text-sm">Encrypted blobs are stored in Cloudflare R2 (global edge storage). Metadata is in Cloudflare D1 database.</p>
+            <p className="text-neon-green/60 text-sm">Encrypted blobs are stored in Cloudflare D1 database. Metadata and keys are also in D1.</p>
           </div>
 
           <div>
             <h3 className="text-base sm:text-lg font-bold text-neon-green mb-2">Is this really secure?</h3>
-            <p className="text-neon-green/60 text-sm">Yes. We use AES-GCM 256-bit encryption, split-key architecture, and WORM storage. The code is open source for audit.</p>
+            <p className="text-neon-green/60 text-sm">Yes. We use AES-GCM 256-bit encryption, split-key architecture, and database-backed storage. The code is open source for audit.</p>
           </div>
 
           <div>
diff --git a/app/how-it-works/page.tsx b/app/how-it-works/page.tsx
@@ -25,12 +25,12 @@ export default function HowItWorksPage() {
         <Card className="p-4 sm:p-6 md:p-8 space-y-6">
           <div>
             <h2 className="text-xl sm:text-2xl font-bold text-neon-green mb-4 flex items-center gap-2">
-              <Lock className="w-6 h-6" /> Layer 1: The Vault (R2 Object Lock)
+              <Lock className="w-6 h-6" /> Layer 1: The Vault (D1 Database Storage)
             </h2>
-            <p className="text-neon-green/80 mb-2 text-sm sm:text-base">Immutable Storage</p>
+            <p className="text-neon-green/80 mb-2 text-sm sm:text-base">Encrypted Storage</p>
             <p className="text-neon-green/60 text-sm leading-relaxed">
-              Files are stored in Cloudflare R2 with WORM Compliance (Write Once, Read Many).
-              This prevents deletion—even by the admin—until the unlock time expires.
+              Files are stored encrypted in Cloudflare D1 database. The encrypted blobs are stored alongside metadata,
+              with cryptographic enforcement preventing early access.
             </p>
           </div>
 
@@ -68,7 +68,7 @@ export default function HowItWorksPage() {
           <ul className="text-neon-green/60 text-sm space-y-2">
             <li><strong className="text-neon-green">Algorithm:</strong> AES-GCM (256-bit)</li>
             <li><strong className="text-neon-green">Key Generation:</strong> Web Crypto API (CSPRNG)</li>
-            <li><strong className="text-neon-green">Storage:</strong> Cloudflare R2 with Object Lock</li>
+            <li><strong className="text-neon-green">Storage:</strong> Cloudflare D1 (Encrypted Blobs)</li>
             <li><strong className="text-neon-green">Database:</strong> Cloudflare D1 (SQLite)</li>
             <li><strong className="text-neon-green">Audit Trail:</strong> Immutable access logs</li>
           </ul>
diff --git a/app/layout.tsx b/app/layout.tsx
@@ -34,8 +34,8 @@ export const metadata: Metadata = {
     'Cloudflare Workers',
     'zero-trust encryption',
     'split-key cryptography',
-    'R2 object lock',
-    'WORM storage',
+    'D1 database',
+    'encrypted blob storage',
     'time capsule encryption'
   ],
   authors: [{ name: 'TimeSeal' }],
diff --git a/app/page.tsx b/app/page.tsx
@@ -189,15 +189,15 @@ export default function HomePage() {
       return;
     }
 
-    // Validate message length
-    if (message.trim() && message.length > 1000000) {
-      toast.error('Message too large (max 1MB)');
+    // Validate message length (D1 limit: 750KB)
+    if (message.trim() && message.length > 750000) {
+      toast.error('Message too large (max 750KB)');
       return;
     }
 
-    // Validate file size
-    if (file && file.size > 25 * 1024 * 1024) {
-      toast.error('File too large (max 25MB)');
+    // Validate file size (D1 limit: 750KB)
+    if (file && file.size > 750 * 1024) {
+      toast.error('File too large (max 750KB)');
       return;
     }
 
diff --git a/app/security/page.tsx b/app/security/page.tsx
@@ -48,12 +48,8 @@ export default function SecurityPage() {
           </h2>
           <div className="space-y-4 text-neon-green/60 text-sm">
             <div>
-              <p className="text-neon-green font-bold mb-2">Cloudflare R2 Object Lock (WORM)</p>
-              <p>Encrypted blobs are stored with Write Once, Read Many compliance. Files cannot be deleted or modified until the retention period expires—even by administrators.</p>
-            </div>
-            <div>
-              <p className="text-neon-green font-bold mb-2">Cloudflare D1 Database</p>
-              <p>Metadata and Key B are stored in Cloudflare&apos;s edge database with automatic replication and encryption at rest.</p>
+              <p className="text-neon-green font-bold mb-2">Cloudflare D1 Database Storage</p>
+              <p>Encrypted blobs and metadata are stored in Cloudflare&apos;s edge database with automatic replication and encryption at rest.</p>
             </div>
             <div>
               <p className="text-neon-green font-bold mb-2">Edge Runtime</p>
@@ -88,8 +84,8 @@ export default function SecurityPage() {
               <p>Split-key architecture means neither the server alone nor the client alone can decrypt content.</p>
             </div>
             <div>
-              <p className="text-neon-green font-bold mb-2 flex items-center gap-2"><CheckCircle2 className="w-4 h-4" /> Immutable Storage</p>
-              <p>R2 Object Lock prevents premature deletion or modification of encrypted content.</p>
+              <p className="text-neon-green font-bold mb-2 flex items-center gap-2"><CheckCircle2 className="w-4 h-4" /> Encrypted Storage</p>
+              <p>All data stored in D1 database with encryption at rest and cryptographic access controls.</p>
             </div>
             <div>
               <p className="text-neon-green font-bold mb-2 flex items-center gap-2"><CheckCircle2 className="w-4 h-4" /> Client-Side Decryption</p>
@@ -113,7 +109,7 @@ export default function SecurityPage() {
                 <li>Unauthorized early access (time-lock enforced server-side)</li>
                 <li>Client-side time manipulation (server validates with Date.now())</li>
                 <li>Server compromise (split-key architecture)</li>
-                <li>Data tampering (WORM storage + AEAD)</li>
+                <li>Data tampering (AEAD encryption + database integrity)</li>
                 <li>Brute force attacks (256-bit keys + fingerprinted rate limiting)</li>
                 <li>IP rotation bypass (browser fingerprinting)</li>
                 <li>Timing attacks (response jitter)</li>
diff --git a/env.d.ts b/env.d.ts
@@ -1,7 +1,6 @@
 interface CloudflareEnv {
   DB: D1Database;
   MASTER_ENCRYPTION_KEY: string;
-  R2_BUCKET?: R2Bucket;
 }
 
 declare module '@cloudflare/next-on-pages' {
diff --git a/lib/circuitBreaker.ts b/lib/circuitBreaker.ts
@@ -1,4 +1,4 @@
-// Circuit Breaker for R2 Operations
+// Circuit Breaker for Storage Operations
 export enum CircuitState {
   CLOSED = 'closed',
   OPEN = 'open',
@@ -89,4 +89,4 @@ export async function withRetry<T>(
   throw lastError!;
 }
 
-export const r2CircuitBreaker = new CircuitBreaker();
+export const storageCircuitBreaker = new CircuitBreaker();
diff --git a/lib/sealService.ts b/lib/sealService.ts
@@ -6,7 +6,7 @@ import { validateFileSize, validateUnlockTime, validatePulseInterval } from './v
 import { logger, auditSealCreated, auditSealAccessed } from './logger';
 import { metrics } from './metrics';
 import { ErrorCode } from './errors';
-import { r2CircuitBreaker, withRetry } from './circuitBreaker';
+import { storageCircuitBreaker, withRetry } from './circuitBreaker';
 import { generatePulseToken, validatePulseToken, checkAndStoreNonce } from './security';
 
 export interface CreateSealRequest {
@@ -105,7 +105,7 @@ export class SealService {
     });
 
     // Then upload blob (D1BlobStorage needs the row to exist)
-    await r2CircuitBreaker.execute(() =>
+    await storageCircuitBreaker.execute(() =>
       withRetry(() => this.storage.uploadBlob(sealId, request.encryptedBlob, request.unlockTime), 3, 1000)
     );
 
@@ -182,7 +182,7 @@ export class SealService {
   }
 
   async getBlob(sealId: string): Promise<ArrayBuffer> {
-    return await r2CircuitBreaker.execute(() =>
+    return await storageCircuitBreaker.execute(() =>
       withRetry(() => this.storage.downloadBlob(sealId), 3, 1000)
     );
   }
diff --git a/lib/storage.ts b/lib/storage.ts
@@ -1,8 +1,9 @@
 // Storage Abstraction Layer
-import type { R2Bucket } from '@cloudflare/workers-types';
 import type { D1Database } from '@cloudflare/workers-types';
 
-const MAX_UPLOAD_SIZE = parseInt(process.env.MAX_FILE_SIZE_MB || '10') * 1024 * 1024;
+// D1 has 1MB column limit for TEXT, base64 encoding adds ~33% overhead
+// Safe limit: 750KB binary = ~1MB base64
+const MAX_UPLOAD_SIZE = 750 * 1024; // 750KB
 
 export interface StorageProvider {
   uploadBlob(sealId: string, data: ArrayBuffer, unlockTime: number): Promise<void>;
@@ -48,45 +49,6 @@ export class D1BlobStorage implements StorageProvider {
   }
 }
 
-// Production R2 Storage
-export class R2Storage implements StorageProvider {
-  constructor(private bucket: R2Bucket) { }
-
-  async uploadBlob(sealId: string, data: ArrayBuffer, unlockTime: number): Promise<void> {
-    if (data.byteLength > MAX_UPLOAD_SIZE) {
-      throw new Error(`File exceeds maximum size of ${MAX_UPLOAD_SIZE / 1024 / 1024}MB`);
-    }
-
-    const retentionUntil = new Date(unlockTime);
-
-    await this.bucket.put(sealId, data, {
-      httpMetadata: {
-        contentType: 'application/octet-stream',
-        cacheControl: 'no-cache',
-      },
-      customMetadata: {
-        unlockTime: unlockTime.toString(),
-        retentionUntil: retentionUntil.toISOString(),
-        sealId: sealId,
-      },
-      retention: {
-        mode: 'COMPLIANCE',
-        retainUntilDate: retentionUntil,
-      },
-    } as any);
-  }
-
-  async downloadBlob(sealId: string): Promise<ArrayBuffer> {
-    const object = await this.bucket.get(sealId);
-    if (!object) throw new Error('Blob not found');
-    return await object.arrayBuffer();
-  }
-
-  async deleteBlob(sealId: string): Promise<void> {
-    await this.bucket.delete(sealId);
-  }
-}
-
 // Mock Storage for Development
 export class MockStorage implements StorageProvider {
   private storage = new Map<string, ArrayBuffer>();
@@ -110,10 +72,7 @@ export class MockStorage implements StorageProvider {
 }
 
 // Factory function
-export function createStorage(env?: { BUCKET?: R2Bucket; DB?: D1Database }): StorageProvider {
-  if (env?.BUCKET) {
-    return new R2Storage(env.BUCKET);
-  }
+export function createStorage(env?: { DB?: D1Database }): StorageProvider {
   if (env?.DB) {
     return new D1BlobStorage(env.DB);
   }
diff --git a/lib/validation.ts b/lib/validation.ts
@@ -4,10 +4,11 @@ export interface ValidationResult {
   error?: string;
 }
 
-const MAX_FILE_SIZE = Number.parseInt(process.env.MAX_FILE_SIZE_MB || '10') * 1024 * 1024;
+// D1 TEXT column limit: 1MB. Base64 adds ~33% overhead, so max binary is 750KB
+const MAX_FILE_SIZE = 750 * 1024; // 750KB
 const MAX_DURATION_DAYS = Number.parseInt(process.env.MAX_SEAL_DURATION_DAYS || '365');
 const MIN_UNLOCK_DELAY = 60 * 1000; // 1 minute
-const MAX_REQUEST_SIZE = 30 * 1024 * 1024; // 30MB (25MB file + overhead)
+const MAX_REQUEST_SIZE = 1 * 1024 * 1024; // 1MB (750KB file + overhead)
 
 export function validateRequestSize(contentLength: number): ValidationResult {
   if (contentLength > MAX_REQUEST_SIZE) {

Original file line number	Diff line number	Diff line change
`@@ -189,15 +189,15 @@ export default function HomePage() {`
`189`	`189`	`return;`
`190`	`190`	`}`
`191`	`191`
`192`		`- // Validate message length`
`193`		`- if (message.trim() && message.length > 1000000) {`
`194`		`- toast.error('Message too large (max 1MB)');`
	`192`	`+ // Validate message length (D1 limit: 750KB)`
	`193`	`+ if (message.trim() && message.length > 750000) {`
	`194`	`+ toast.error('Message too large (max 750KB)');`
`195`	`195`	`return;`
`196`	`196`	`}`
`197`	`197`
`198`		`- // Validate file size`
`199`		`- if (file && file.size > 25 * 1024 * 1024) {`
`200`		`- toast.error('File too large (max 25MB)');`
	`198`	`+ // Validate file size (D1 limit: 750KB)`
	`199`	`+ if (file && file.size > 750 * 1024) {`
	`200`	`+ toast.error('File too large (max 750KB)');`
`201`	`201`	`return;`
`202`	`202`	`}`
`203`	`203`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`interface CloudflareEnv {`
`2`	`2`	`DB: D1Database;`
`3`	`3`	`MASTER_ENCRYPTION_KEY: string;`
`4`		`- R2_BUCKET?: R2Bucket;`
`5`	`4`	`}`
`6`	`5`
`7`	`6`	`declare module '@cloudflare/next-on-pages' {`