# Flarelink > Auth, database, storage, and email for your app — provisioned on your own Cloudflare account. The auth Worker is source-available (FSL-1.1-MIT) and verifiable byte-for-byte; the SDK and starters are MIT. Flarelink orchestrates via Cloudflare's API and stays out of your app's request path. ## Getting started - [Docs](https://flarelink.dev/docs): Auth, database, storage, and email on your own Cloudflare account. Start with the quickstart, then go deep on each module. - [Quickstart](https://flarelink.dev/docs/quickstart): From an empty project to a working backend — auth, database, storage — on your own Cloudflare account, in about five minutes. - [Architecture: server-first by design](https://flarelink.dev/docs/architecture): Why the browser can only call auth.*, why database and storage are server-only, why there's no row-level security yet — and how Flarelink stays out of your app's request path. - [Local development](https://flarelink.dev/docs/local-development): The honest local-dev story: a dev project, a localhost trusted origin, HTTPS-over-localhost for Safari, current limitations, and what's planned. - [Your schema & migrations](https://flarelink.dev/docs/schema): How your own tables come to exist — the table editor, the SQL console, and a repeatable migration workflow you keep in your repo. Plus what's planned. ## SDK reference - [Auth](https://flarelink.dev/docs/auth): The flarelink.auth.* surface — sign-up, sign-in, OAuth, magic links, password reset, verification. Browser + server safe. - [Database](https://flarelink.dev/docs/database): flarelink.from(table) — a typed, chainable query builder over your D1, plus a raw-SQL escape hatch. Server-only. - [Storage](https://flarelink.dev/docs/storage): flarelink.storage.* — presigned R2 uploads and downloads. Bytes go browser → R2 directly; zero bytes through Flarelink or your server. - [SSR & cookies](https://flarelink.dev/docs/ssr): Forward the browser's session cookie on server-side fetches so flarelink.auth.getMe() resolves the signed-in user from a route handler or loader. - [Error reference](https://flarelink.dev/docs/errors): Every AuthError, StorageError, and DatabaseError code the SDK and auth Worker can emit — with the cause and the fix. ## Guides - [OAuth provider setup](https://flarelink.dev/docs/oauth): Step-by-step Google and GitHub OAuth setup, with the exact redirect URI Flarelink expects and where to paste the client id and secret. - [Email](https://flarelink.dev/docs/email): Configure the email module (Cloudflare Email Sending or Resend) and customize the password-reset, verification, and magic-link templates. - [File uploads, end to end](https://flarelink.dev/docs/file-uploads): A complete upload flow: server mints a presigned PUT, the browser uploads to R2 with progress, the server records the key in D1, and a presigned GET shows it back. - [Custom domain for auth](https://flarelink.dev/docs/custom-domain): Bind the auth Worker to auth.yourdomain.com — makes the session cookie same-site (fixes Safari) and gives you a production-grade URL. Recommended before launch. - [Cookies & Safari](https://flarelink.dev/docs/cookies): Why the session cookie is SameSite=None; Secure; Partitioned, why Safari blocks it on workers.dev, the custom-domain fix, and a per-browser troubleshooting matrix. - [Rotating R2 credentials](https://flarelink.dev/docs/rotate-r2): Rotate your R2 access keypair safely — mint-then-revoke, fanned out to every auth Worker on the project, shown once. - [Limits & semantics](https://flarelink.dev/docs/limits): Inherited Cloudflare limits (D1 size, Workers CPU, R2), KV eventual consistency and what it means for sign-out, presigned-URL expiry clamps, and list pagination. ## Framework quickstarts - [Next.js](https://flarelink.dev/docs/frameworks/nextjs): Wire @flarelink/client into a Next.js App Router app — split client/server clients, forward cookies, and protect a route. - [SvelteKit](https://flarelink.dev/docs/frameworks/sveltekit): Wire @flarelink/client into SvelteKit — server-only service key via $env/static/private, forward cookies, and protect a route in load. - [Vite + React](https://flarelink.dev/docs/frameworks/vite): Wire @flarelink/client into a browser-only Vite + React SPA — auth.* in the browser, DB/storage behind your own API, and a client-side route guard. - [Remix](https://flarelink.dev/docs/frameworks/remix): Wire @flarelink/client into Remix — a .server.ts client factory, forward cookies, and protect a route in a loader. - [Astro](https://flarelink.dev/docs/frameworks/astro): Wire @flarelink/client into Astro — a server client factory, forward cookies, and protect a page in frontmatter. - [Hono / Workers](https://flarelink.dev/docs/frameworks/hono): Wire @flarelink/client into a Hono app on Cloudflare Workers — per-request client from env, forward cookies, and a requireUser middleware. ## Security - [What the token can do](https://flarelink.dev/docs/token-scope): Every Cloudflare API token permission Flarelink asks for, why it's needed, what it creates — and how to connect with a minimal, non-escalating token. - [Activity log](https://flarelink.dev/docs/activity-log): An append-only record of every consequential change Flarelink has made in your Cloudflare account — and how to cross-check it against Cloudflare's own audit log. ## More - [Trust & verification](https://flarelink.dev/trust): How to verify the deployed auth Worker matches the published source. - [Pricing](https://flarelink.dev/pricing): Free during beta; no usage-based markup — Cloudflare bills you directly. - [Changelog](https://flarelink.dev/changelog): What shipped, by week.