Migrate env access from Astro.locals.runtime.env to cloudflare:workers

Astro v6 removed locals.runtime.env in favor of the cloudflare:workers
module import. Updated all 15 source files and 2 test files to use
`import { env } from 'cloudflare:workers'` pattern.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: barckcode

src/env.d.ts

@@ -16,11 +16,13 @@ type RuntimeEnv = {
   CRON_SECRET: string;
 };
 
+declare module 'cloudflare:workers' {
+  const env: RuntimeEnv;
+  export { env };
+}
+
 declare namespace App {
   interface Locals {
-    runtime: {
-      env: RuntimeEnv;
-    };
     member?: typeof import('../db/schema').members.$inferSelect;
   }
 }

src/middleware.ts

@@ -1,4 +1,5 @@
 import { defineMiddleware } from 'astro:middleware';
+import { env } from 'cloudflare:workers';
 import { getDb } from './lib/db';
 import { validateSession, clearSessionCookie } from './lib/auth';
 
@@ -15,7 +16,6 @@ export const onRequest = defineMiddleware(async (context, next) => {
     return context.redirect('/login');
   }
 
-  const env = context.locals.runtime.env;
   const db = getDb(env.DB);
 
   const result = await validateSession(sessionId, db);

src/pages/api/auth/discord/link.ts

@@ -1,4 +1,5 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { buildOAuthUrl, generateOAuthState } from '../../../../lib/discord';
 
 export async function GET(context: APIContext) {
@@ -7,7 +8,6 @@ export async function GET(context: APIContext) {
     return context.redirect('/login');
   }
 
-  const env = context.locals.runtime.env;
   const baseUrl = env.PUBLIC_URL || context.url.origin;
   const redirectUri = `${baseUrl}/auth/discord/callback`;
 

src/pages/api/auth/logout.ts

@@ -1,9 +1,9 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { getDb } from '../../../lib/db';
 import { destroySession, clearSessionCookie, verifyCsrfOrigin } from '../../../lib/auth';
 
 export async function POST(context: APIContext) {
-  const env = context.locals.runtime.env;
   const allowedOrigin = env.PUBLIC_URL || context.url.origin;
 
   if (!verifyCsrfOrigin(context.request, allowedOrigin)) {

src/pages/api/auth/magic-link.ts

@@ -1,4 +1,5 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { eq, and, gte } from 'drizzle-orm';
 import { getDb } from '../../../lib/db';
 import { createMagicToken, cleanupExpiredTokens, verifyCsrfOrigin } from '../../../lib/auth';
@@ -8,7 +9,6 @@ import { magicTokens } from '../../../../db/schema';
 const MAX_ACTIVE_TOKENS_PER_EMAIL = 3;
 
 export async function POST(context: APIContext) {
-  const env = context.locals.runtime.env;
   const allowedOrigin = env.PUBLIC_URL || context.url.origin;
 
   if (!verifyCsrfOrigin(context.request, allowedOrigin)) {

src/pages/api/benefits/[id].ts

@@ -1,4 +1,5 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { eq, and } from 'drizzle-orm';
 import { getDb } from '../../../lib/db';
 import { validateSession } from '../../../lib/auth';
@@ -10,7 +11,6 @@ export async function GET(context: APIContext) {
     return new Response('Unauthorized', { status: 401 });
   }
 
-  const env = context.locals.runtime.env;
   const db = getDb(env.DB);
 
   const result = await validateSession(sessionId, db);

src/pages/api/benefits/benefits.test.ts

@@ -1,6 +1,13 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 
 // Mock dependencies
+vi.mock('cloudflare:workers', () => ({
+  env: {
+    DB: {},
+    PUBLIC_URL: 'https://nan.builders',
+  },
+}));
+
 vi.mock('../../../lib/db', () => ({
   getDb: vi.fn(),
 }));
@@ -56,15 +63,7 @@ function createMockContext(overrides: Record<string, any> = {}): any {
     url: new URL(overrides.url ?? 'https://nan.builders/api/benefits'),
     request: overrides.request ?? new Request('https://nan.builders/api/benefits'),
     params: overrides.params ?? {},
-    locals: {
-      runtime: {
-        env: {
-          DB: {},
-          PUBLIC_URL: 'https://nan.builders',
-          ...(overrides.env ?? {}),
-        },
-      },
-    },
+    locals: {},
   };
 }
 

src/pages/api/benefits/index.ts

@@ -1,4 +1,5 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { eq, desc } from 'drizzle-orm';
 import { nanoid } from 'nanoid';
 import { getDb } from '../../../lib/db';
@@ -11,7 +12,6 @@ export async function GET(context: APIContext) {
     return new Response('Unauthorized', { status: 401 });
   }
 
-  const env = context.locals.runtime.env;
   const db = getDb(env.DB);
 
   const result = await validateSession(sessionId, db);
@@ -34,7 +34,6 @@ export async function GET(context: APIContext) {
 const VALID_BENEFIT_TYPES = ['infrastructure', 'tool_access'];
 
 export async function POST(context: APIContext) {
-  const env = context.locals.runtime.env;
   const allowedOrigin = env.PUBLIC_URL || context.url.origin;
 
   if (!verifyCsrfOrigin(context.request, allowedOrigin)) {

src/pages/api/checkout/create.ts

@@ -1,4 +1,5 @@
 import type { APIContext } from 'astro';
+import { env } from 'cloudflare:workers';
 import { getDb } from '../../../lib/db';
 import { validateSession, verifyCsrfOrigin } from '../../../lib/auth';
 import {
@@ -9,7 +10,6 @@ import {
 } from '../../../lib/stripe';
 
 export async function POST(context: APIContext) {
-  const env = context.locals.runtime.env;
   const allowedOrigin = env.PUBLIC_URL || context.url.origin;
 
   if (!verifyCsrfOrigin(context.request, allowedOrigin)) {

src/pages/api/cron/discord-reminder.test.ts

@@ -6,6 +6,15 @@ const mockUpdate = vi.fn();
 const mockSet = vi.fn();
 const mockWhere = vi.fn();
 
+vi.mock('cloudflare:workers', () => ({
+  env: {
+    DB: {},
+    CRON_SECRET: 'test-secret',
+    RESEND_API_KEY: 're_test',
+    PUBLIC_URL: 'https://nan.builders',
+  },
+}));
+
 vi.mock('../../../lib/email', () => ({
   sendDiscordReminder: (...args: unknown[]) => mockSendDiscordReminder(...args),
 }));
@@ -38,16 +47,6 @@ vi.mock('../../../../db/schema', () => ({
 
 function createContext(authHeader?: string) {
   return {
-    locals: {
-      runtime: {
-        env: {
-          DB: {},
-          CRON_SECRET: 'test-secret',
-          RESEND_API_KEY: 're_test',
-          PUBLIC_URL: 'https://nan.builders',
-        },
-      },
-    },
     request: {
       headers: new Headers(authHeader ? { authorization: authHeader } : {}),
     },