Form Backend & Contact Form System
A fully serverless, secure, dependency-free communication pipeline built on Cloudflare Workers.
Project created on: 25 Nov. 2025 | Last updated: 26 Nov. 2025
This project is the complete backend powering the contact form on my portfolio website. I built a fully serverless workflow based on Cloudflare Workers and KV Storage, ensuring reliability, privacy, and total control over how data flows through the system.
The architecture removes the need for cookies, sessions, or frameworks. Admin access is protected using a cryptographically secure ultra-long one-time URL token. Once used, the token invalidates itself immediately, eliminating persistent authentication entirely.
The final result is a globally fast, maintenance-free communication system designed for long-term stability and complete data ownership.
Overview
Problem
Third-party form services add limitations—rate caps, dependency risks, outages, and pricing tiers. I needed a fully independent, long-term backend for message handling.
Solution
A custom Worker that validates, timestamps, normalizes, and stores each submission in KV, combined with a hidden admin dashboard for secure review.
Core Stack
Cloudflare Workers · KV Storage · One-time tokens · HTML templating · Serverless routing · Honeypot anti-bot field
Architecture
The system has four layers: client submission, Worker processing, KV storage, and admin rendering.
- Client Submission: Captures message, email, timezone, and an invisible honeypot to block bots.
- Worker Endpoint: Validates input, normalizes timestamps to UTC, extracts IP, and generates a unique sortable ID.
- KV Storage: Each submission becomes a structured JSON record with full metadata.
- Renderer: Converts KV entries into an Excel-style table UI inside a hidden admin route.
- Admin Security: Uses a 128–256 char ultra-long one-time token, hashed in KV. Zero sessions, zero cookies.
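The one-time admin token flow described above (issue a long random token, keep only its hash in KV, invalidate on first use), as an added example that is not this project's own code. The `admin_token:` key prefix, the function names and the in-memory KV stand-in are assumptions.

```javascript
// Added example: one-time admin token, persisted only as a SHA-256 hash.
// Workers expose Web Crypto as the global `crypto`; the fallback is for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, "0")).join("");

async function sha256Hex(text) {
  const bytes = new TextEncoder().encode(text);
  return toHex(await webcrypto.subtle.digest("SHA-256", bytes));
}

// 64 random bytes -> 128 hex characters (low end of the 128-256 range).
async function issueToken(kv, bytes = 64) {
  const token = toHex(webcrypto.getRandomValues(new Uint8Array(bytes)));
  await kv.put("admin_token:" + (await sha256Hex(token)), "1");
  return token; // shown once to the admin; the plaintext is never stored
}

// Returns true exactly once per issued token, false for anything else.
async function redeemToken(kv, presented) {
  // Reject malformed input before hashing or touching storage.
  if (typeof presented !== "string" || !/^[0-9a-f]{128,256}$/.test(presented)) {
    return false;
  }
  // Lookup is by hash, so no secret is compared byte by byte in application code.
  const key = "admin_token:" + (await sha256Hex(presented));
  if ((await kv.get(key)) === null) return false;
  await kv.delete(key); // invalidate before rendering the dashboard
  return true;
}

// Constructed stand-in with the get/put/delete shape of a KV binding.
function makeMemoryKV() {
  const m = new Map();
  return {
    get: async (k) => (m.has(k) ? m.get(k) : null),
    put: async (k, v) => void m.set(k, v),
    delete: async (k) => void m.delete(k),
    keys: () => [...m.keys()],
  };
}
```

Workers KV is eventually consistent, so a delete can take time to reach every edge location; where strict single use matters, a Durable Object can make the check-and-delete atomic.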
Key Features
Secure-by-default
No cookies, no sessions. One-time URL tokens ensure admin access cannot be reused.
UTC Normalization
Every entry is stored in YYYY-MM-DD HH:MM:SS UTC, guaranteeing consistent ordering.
Anti-Spam Honeypot
Invisible field + rate limiting blocks automated submissions without CAPTCHAs.
KV Storage Model
Durable, globally replicated, schema-free structured storage.
Admin Renderer
Server-rendered sorting table with no external dependencies.
Sample Code Snippet
This snippet shows how each message is normalized to UTC and safely stored in KV:
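```javascript
// Runs inside the Worker's request handler, after validation;
// id, name, email, message, ip, client_tz and client_time are set earlier.

// Normalize current time to UTC as "YYYY-MM-DD HH:MM:SS UTC"
// (the regex drops the milliseconds that toISOString() includes)
const now = new Date();
const utc = now.toISOString().replace("T", " ").replace(/\.\d{3}Z$/, " UTC");

// Store structured message in KV
await MESSAGES.put(id, JSON.stringify({
  name, email, message, ip,
  client_tz, client_time,
  utc_time: utc
}));
```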
Possible future improvements
- Filtering (Email / IP / Date)
- CSV export
- Time-based token expiration
- Encrypted KV values
- Webhook alerts
Links
GitHub: https://github.com/...
Live Demo: https://yourdomain.com