Mindful Auth: Cloudflare D1 + Astro Authentication 5 Starter Theme
Edge-native identity starter for Astro 5. Mindful Auth provides the identity logic and security layer, while you maintain 100% ownership of your user data in your own Cloudflare D1 database.
💡 Important Notes:
- Logic Skeleton: This is a developer-first logic skeleton, not a visual theme. The UI is purposely minimalist and unstyled, acting as a clean foundation so you can integrate your own design system without fighting CSS bloat.
- Live Demo: The provided URL is a live reference implementation running on the edge. This specific instance is configured with a Tape backend for internal testing. Public registration is restricted to maintain environment integrity; please refer to the technical walkthrough for a full dashboard view.
🎥 Video Tutorial
Click to watch the full setup video on YouTube
🧘 Why Mindful Auth?
Most auth providers hold your user data hostage and add significant latency to your stack. Mindful Auth is different:
- 100% Data Ownership: Your users live in your D1 database. We never store your plain-text user data or "trap" your users in our dashboard.
- Workers Native: Optimized for the Cloudflare Workers runtime for maximum performance and future-proof architecture.
- Zero Latency: Authentication logic runs at the Edge, directly alongside your application code.
- Privacy First: Built on the "Mindful" principle. Only the data you choose to share leaves your infrastructure.
- Bot Protection: Native integration with Cloudflare Turnstile for seamless, invisible security.
🛠️ Mindful Auth Features
- Astro 5.0+ Ready - Leveraging the latest SSR and Middleware capabilities.
- Fully Headless - Total control over your UI. No "black-box" components or forced styling.
- Password Authentication - Traditional email + password login: users create an account with a password and verify their email via a secure link.
- Magic Link Authentication - Passwordless login with up to four distinct security layers: users receive a secure link via email to log in.
- Two-Factor Authentication - Add an extra layer of security to your authentication flow with TOTP-based 2FA.
- Audit Logs - Track and monitor all authentication events for security and compliance purposes.
- Lock/Unlock Members on Demand - Perfect for handling suspicious activity or manual account management.
- Six Layer Defense System - A comprehensive security system that includes rate limits, bot protection, and anomaly detection to safeguard your authentication flow from malicious actors.
- Per-Tenant Key Derivation - For maximum security in multi-tenant applications.
- Shared Security Layer - Mindful Auth secures the authentication layer (login, registration, password reset, 2FA, etc.) but does not store any member data. Your backend is responsible for securing member data.