Project creatortrack cf access dropped
name: CreatorTrack is public: CF Access dropped, Auth.js is the gate description: CreatorTrack app is publicly accessible; Cloudflare Access was justinsforge-only; Auth.js middleware replaces it type: project
Confirmed 2026-06-18: creatortrack.ai / app.creatortrack.ai is a public product, not an internal tool.
CF Access was protecting it only because it was running on the justinsforge infra pattern. Justin explicitly confirmed: 'that was for justinsforge but creatortrack is open.'
Auth strategy: Auth.js (NextAuth) self-hosted with email+password + Google OAuth (linked by same email), DB sessions in core Postgres, email verification deferred until pre-public-launch.
Why: Critical to never re-add CF Access in front of app.creatortrack.ai or treat it as an internal-only tool.
How to apply: Any Cloudflare tunnel or access rule for creatortrack must NOT use Access authentication. Auth.js middleware is the sole gate. If you see CF Access protecting app.creatortrack.ai, it's a misconfiguration.
[auto-memory session 57205162-c1eb-485a-ba96-f5b45b27ab9b, confidence 0.90, mode direct]