adb-web
AI-generated content
This document was generated by an AI assistant. Verify accuracy before relying on the details.
Role
New frontend architecture running on Cloudflare Workers, gradually replacing adb-ui. Yarn 4 + Turborepo monorepo containing:
apps/ui— Angular served statically by a Worker (Static Assets).apps/bff— Backend-For-Frontend in Hono: terminates auth at the edge, caches reads, rate-limits, and fans out to the Java services through Cloudflare Tunnel.packages/*— shared types, API client generated from OpenAPI, UI components, styles, ESLint config.
⚠️ Migration in progress. As of writing, only the /healthz endpoint is implemented on the BFF side; the scaffolding exists and TODOs are numerous.
Stack
| Item | Value |
|---|---|
| Package manager | Yarn 4.5.0 |
| Build orchestrator | Turbo 2.3.0 |
| Node | >= 20.10.0 |
| TypeScript | 5.6.0 |
| BFF framework | Hono 4.6.0 |
| Wrangler | 4.0.0 |
| Workers types | @cloudflare/workers-types 4.20240925.0 |
| Tests | Vitest 2.0 + @cloudflare/vitest-pool-workers 0.5 |
Architecture
flowchart TB
Browser[Browser]
subgraph CFEdge[Cloudflare Edge]
UIWorker[UI Worker<br/>Static Assets<br/>Angular SPA]
BFF[BFF Worker<br/>Hono]
KV[(KV<br/>cache)]
DO[Durable Objects<br/>rate-limit, sessions]
end
Tunnel[Cloudflare Tunnel<br/>ADB_TUNNEL_TOKEN]
subgraph Backend
GW[adb/proxy<br/>Nginx]
Services[adb-* services]
end
Browser --> UIWorker
UIWorker -->|loads SPA + assets| Browser
Browser -->|/api/...| BFF
BFF -.cache lookup.-> KV
BFF -.rate-limit.-> DO
BFF -->|HTTPS| Tunnel
Tunnel --> GW
GW --> Services
Monorepo structure
adb-web/
├── apps/
│ ├── ui/ Angular SPA (to be migrated from adb-ui)
│ └── bff/ Hono Worker
│ ├── src/index.ts Routes (TODO: complete Hono router)
│ └── wrangler.jsonc Worker config
└── packages/
├── api-client/ TS types generated from OpenAPI
├── shared-types/ Types shared between UI and BFF
├── ui-components/ Reusable Angular components
├── ui-styles/ Shared CSS/SCSS
└── eslint-config/ Common ESLint config
apps/bff — the Hono BFF
Planned responsibilities
- Terminate authentication at the edge (Keycloak JWT validation via JWKS).
- Cache idempotent reads (KV namespace).
- Rate-limit / shape per user (Durable Objects).
- Fan-out to the Java services through Cloudflare Tunnel.
wrangler.jsonc configuration
{
"name": "adb-bff",
"main": "src/index.ts",
"compatibility_date": "2026-04-01",
"compatibility_flags": ["nodejs_compat"],
"observability": { "enabled": true },
"vars": { "ENVIRONMENT": "development" }
// TODO:
// - routes + custom domain
// - kv_namespaces (cache)
// - durable_objects (rate-limit, sessions)
// - service bindings
// - secrets
}
Expected secrets
| Secret | Role |
|---|---|
ADB_UPSTREAM_URL | URL of the Java backend (via tunnel) |
ADB_TUNNEL_TOKEN | Cloudflare Tunnel token |
JWT_SECRET | JWT validation |
Current state
// src/index.ts — excerpt
app.get('/healthz', (c) => c.json({ ok: true, env: c.env.ENVIRONMENT }))
The business routes (/api/contracts, /api/persons, etc.) are still to be wired up.
apps/ui — Angular on Cloudflare
The Angular app will be built and then served by a Worker in Static Assets mode. The source code is to be migrated from adb-ui.
Packages
@adb/api-client
TypeScript client generated automatically from the OpenAPI specs in adb/adb-openapi/.
yarn workspace @adb/api-client run generate
The script points to ../../../adb/adb-openapi/*.yaml (path relative to adb-web/packages/api-client/).
@adb/shared-types
Types shared between UI and BFF (request/response shapes, enums, constants).
@adb/ui-components
Reusable Angular components, packaged via ng-packagr.
@adb/ui-styles
Shared CSS / SCSS (variables, mixins, themes).
@adb/eslint-config
ESLint configuration shared across all workspaces.
Inter-service dependencies
flowchart LR
web[adb-web/bff]
tunnel[Cloudflare Tunnel]
proxy[adb/proxy]
services[All adb-* services]
web --> tunnel
tunnel --> proxy
proxy --> services
The BFF has no Maven dependency and no FQDN — it reaches the backend through an upstream URL (secret ADB_UPSTREAM_URL) routed via the tunnel.
Build & deployment
# At the root of adb-web/
yarn install
turbo run build # Build all workspaces
turbo run dev # Dev mode (watch)
turbo run lint
turbo run test # Vitest across all packages
turbo run deploy # Wrangler deployment
# Sync types from the backend OpenAPI
yarn sync:openapi
Cloudflare Pages / Workers
apps/ui→ deployed as a Worker with Static Assets binding.apps/bff→ deployed as a regular Worker.
To configure on the Cloudflare dashboard (account lifeconnect):
- Custom domain.
- KV namespace for the cache.
- Durable Objects classes for rate-limiting.
- Cloudflare Tunnel to the internal infrastructure.
- Secrets.
Links
- Code:
adb-web/ - BFF:
adb-web/apps/bff/ - Wrangler config:
adb-web/apps/bff/wrangler.jsonc