CloudFlare worker proxy for ProtonMail WKD

cf-worker-proton-wkd.js

// 1. Create a worker in the dashboard and paste the following code into it
// 2. Replace all references to example.com to your domain, add more domains if needed
// 3. Deploy the worker
// 4. Setup routes in the dashboard for:
//    - example.com/.well-known/openpgpkey/*
//    - openpgpkey.example.com/.well-known/openpgpkey/*
//    - (apply above for additional domains too)
// 5. Verify that it is working with https://metacode.biz/openpgp/web-key-directory

export default {
  async fetch(request, env, ctx) {
    const url = new URL(request.url);

    switch (url.hostname) {
      case 'example.com':
//      case 'example2.org':
        return await handleRoot(request, url);
      case 'openpgpkey.example.com':
//      case 'openpgpkey.example2.org':
        return await handleSubdomain(request, url);
      default:
        return await fetch(request);
    }
  },
};

async function handleRoot(request, url) {
  const lastSegment = url.pathname.split("/").pop();
  let newUrl;

  if (lastSegment === "policy") {
    newUrl = "https://api.protonmail.ch/.well-known/openpgpkey/" + url.hostname + "/policy";
  } else {
    newUrl = "https://api.protonmail.ch/.well-known/openpgpkey/" + url.hostname + "/hu/" + lastSegment + url.search;
  }

  const protonResponse = await fetch(newUrl, request);

  const alteredResponse = new Response(protonResponse.body, protonResponse);
  alteredResponse.headers.set("Access-Control-Allow-Origin", "*");
  return alteredResponse;
}

async function handleSubdomain(request, url) {
  const newUrl = "https://api.protonmail.ch" + url.pathname + url.search;
  const protonResponse = await fetch(newUrl, request);

  const alteredResponse = new Response(protonResponse.body, protonResponse);
  alteredResponse.headers.set("Access-Control-Allow-Origin", "*");
  return alteredResponse;
}