Introduction
Cube Commons is a token-gated web platform built on Cloudflare Workers, Pages, and D1. It uses a subdomain-per-section architecture where each part of the site is an independent Astro build deployed to its own Cloudflare Pages project.
Key Concepts
Section titled “Key Concepts”- Token Gate — Every visitor enters through
token.cubecommons.orgby pasting an access token. Tokens are scoped to specific sections. - Section Registry — The worker maps URL paths to section keys. Each section has a default role requirement (visitor, reviewer, founder).
- Scope Resolution — Token scope is hierarchical: a token scoped to “transparency” grants access to all child sections (sustainability.transparency, governance.transparency, etc.).
- TOTP 2FA — Certain sections and auth pheromone lockdowns require two-factor authentication via TOTP.
Architecture
Section titled “Architecture”The platform consists of:
- Worker (
cubecommons-gate) — Cloudflare Worker handling authentication, routing, and API endpoints - Sites — 27 independent Astro projects, one per subdomain
- D1 Database (
cube-ledger) — Token records, access events, TOTP state, feedback - KV Namespaces — Admin state, token cache, scope cache