Live Subscription Media fronts.co

Fronts.co

A premium subscription media platform. Edge-rendered, paywall-gated, with every layer — auth, commerce, video, search, analytics — running natively on Cloudflare.

Fronts.co is a subscription news and analysis publication covering modern conflicts, defense, and geopolitical strategy. It's also a reference implementation for what a full-stack media product looks like when you build it entirely on cloud-native primitives. No WordPress. No Rails. No origin servers.

← All projects Visit fronts.co

How It's Built

Architecture and implementation.

Astro SSR on Workers

Every page renders server-side on every request via Astro 5 on Cloudflare Workers. Svelte 5 components, Tailwind CSS 4. No origin server anywhere — compute is global by default.

Content in D1, not files

All articles, videos, and podcasts live in D1 as structured relational data. Revision tracking, tag associations, and a full status lifecycle: draft → scheduled → published → archived.

Three-method auth on one session system

Magic link, OAuth (Google + GitHub), and email/password all converge on KV-backed sessions with HTTP-only cookies and 30-day TTL. Bot-safe magic links via cookie confirmation step.

Webhook-driven subscription commerce

LemonSqueezy webhooks processed through a Queue consumer with HMAC-SHA256 validation and idempotency records. Gift subscriptions are first-class. A safety-net sync reconciles state every 30 minutes.

Video + AI transcription pipeline

Cloudflare Stream for video hosting. A Queue consumer fetches audio, runs Whisper AI for speech-to-text, and generates VTT captions. Handles rate limiting with exponential backoff on errors.

Publisher CMS with AI assistance

Full /admin interface for content management. AI content assistance via Anthropic API — suggestions, proofreading, SEO optimization. Media management to Cloudflare Images and Stream.

Architecture Map

Request flow and service topology

Visitor → Workers (Astro SSR) → D1 content query → Rendered page
                              ├── Auth check (KV session)
                              └── Paywall gate (subscription status)

Auth flow → Magic link / OAuth / Password → KV session → Cookie

LemonSqueezy webhook → Queue consumer → D1 subscription records
                                         └── Customer.io transactional email

Video upload → Cloudflare Stream → Transcript Queue → Whisper AI → VTT captions

Search → Vectorize semantic query → Ranked results

Admin → Publisher API → D1 content CRUD → Cloudflare Images / Stream

Primitives Used

Every Cloudflare binding in this project.

Workers Astro SSR rendering and all API endpoints

D1 Canonical content store — articles, users, subscriptions, revisions

KV Session storage, magic link rate limiting, access caching

R2 File uploads, AI search index backup

Cloudflare Images Article thumbnails and hero images with variant transforms

Cloudflare Stream Video hosting with AI-generated captions

Vectorize Semantic search index over content

Workers AI Whisper transcription, embedding generation

Queues Webhook event processing (LemonSqueezy) and video transcription

Analytics Engine Custom analytics dataset

Observability Full request tracing at 100% sampling

Turnstile CAPTCHA protection on forms in production

What Makes This Interesting

The architectural angle worth paying attention to.

Fronts is a complete media product — auth, paywall, CMS, video, search, commerce, analytics — and there's no origin server anywhere. No database server to manage. No Redis. No queue worker fleet. No search cluster. Every piece that would traditionally require its own infrastructure is a Cloudflare primitive binding in the same Worker. The deployment is wrangler deploy.

← All projects Read approach.md