Ace Strategies Platform
Technical Documentation & Architecture Reference
1. Project Overview
The Ace Strategies Platform is a modern, static-site-powered web platform for Ace Strategies — an Australian communications and engagement consultancy. The platform serves four distinct audiences:
- Public Website — Marketing site showcasing services, case studies, team, and thought leadership
- Staff Portal — Internal hub at
/staff/with CMS access, full knowledge base (including drafts), and platform documentation - Invest Australia Alliance (IAA) Portal — Members-only knowledge base with magic-link authentication
- CMS Administration — Sveltia CMS for non-technical content management at
/admin/
2. Technology Stack
Static Site Generator
Eleventy 3.1.5
Node-based SSG with Nunjucks templating and Markdown support.
Hosting & Edge
Cloudflare Workers
Serverless edge runtime for auth, API, and OAuth.
Search
Pagefind 1.5.2
Static search index at build time. Zero runtime cost.
Content Management
Sveltia CMS
Git-based headless CMS with GitHub OAuth. Decoupled from TinaCMS.
Styling
Custom CSS
Modular CSS with 27+ component modules. No framework.
Resend API
Magic link delivery for portal authentication.
3. System Architecture
3.1 Request Flow
User Request
|
v
Cloudflare Worker (worker.js)
|-- /alliance/members/* --> Session validation --> Static asset
|-- /staff/* --> Session validation --> Static asset
|-- /alliance/login --> Magic link email --> Resend API
|-- /alliance/verify --> Token validation --> Session cookie
|-- /api/polling.json --> Google Sheets API --> JSON response
|-- /api/auth/* --> GitHub OAuth --> CMS token
|-- /* --> Pass through --> Static asset (ASSETS)
3.2 Authentication Model
The portal uses a magic link authentication pattern shared by staff and members:
- User submits email on
/alliance/login/ - Worker checks KV
MEMBER_EMAILSfor approved membership - If approved, cryptographically random token generated and stored in
MAGIC_TOKENS(15-min TTL) - Resend API delivers magic link email
- User clicks link →
/alliance/verify/validates token, issues HMAC-signed session cookie (30 days) - All subsequent
/alliance/members/*and/staff/*requests validate the session cookie
4. Staff Portal
The staff portal at /staff/ is a branded Ace Strategies internal hub — one login for CMS access, knowledge base (all statuses + staff-only content), and platform docs.
4.1 Portal Features
- Dashboard — Quick stats, CMS/KB/Guides tiles, draft and review lists
- Knowledge Base — Full library at
/staff/knowledge/(table view with status, type, category, audience, date) - Platform Docs — This page at
/staff/platform-docs/ - CMS Access — Direct link to Sveltia CMS at
/admin/
4.2 Audience Segmentation
| Audience | Purpose |
|---|---|
staff | Internal only — hidden from member portal |
members | Member-only — hidden from staff portal |
both | Visible everywhere (default) |
4.3 Knowledge Base Documentation
| Article | Audience |
|---|---|
| Quick Start Guide | 👥 Both |
| Write Your First Article | 👥 Both |
| Using the CMS | 👥 Both |
| Review & Publish Workflow | 🔒 Staff |
| Glossary | 👥 Both |
| Content Templates & Examples | 👥 Both |
| Style Guide | 🔒 Staff |
5. Cloudflare Worker
5.1 Routes
| Route | Method | Handler |
|---|---|---|
| /alliance/members/* | GET | Session validation; redirects to login |
| /staff/* | GET | Session validation (same auth) |
| /alliance/login/ | POST | Validate email, send magic link via Resend |
| /alliance/verify/ | GET | Validate token, issue session cookie |
| /alliance/logout/ | GET | Clear cookie, redirect to login |
| /api/polling.json | GET | Live polling data from Google Sheets |
| /api/auth | GET | GitHub OAuth start (Sveltia CMS) |
| /api/auth/callback | GET | GitHub OAuth callback |
| /* | ANY | Pass through to static assets |
5.2 Session Security
- Token format:
base64(payload)|HMAC-SHA256(signature) - Payload:
email|expiry_timestamp - Duration: 30 days
- Cookie flags: HttpOnly, Secure, SameSite=Lax
- Comparison: Constant-time HMAC to prevent timing attacks
6. Environment Configuration
| Secret | Purpose |
|---|---|
| SESSION_SECRET | HMAC signing key (32+ random bytes) |
| RESEND_API_KEY | Resend API key for magic link emails |
| GITHUB_CLIENT_ID | GitHub OAuth app client ID |
| GITHUB_CLIENT_SECRET | GitHub OAuth app client secret |
| GOOGLE_SHEETS_ID | Spreadsheet ID for polling data |
| GOOGLE_SHEETS_API_KEY | Google Cloud API key (Sheets API) |
7. Build & Deployment
| Command | Action |
|---|---|
npm run build | Eleventy build + Pagefind index |
npm start | Eleventy dev server with live reload |
npm run preview | Build + Wrangler local dev |
npm run deploy | Build + deploy to Cloudflare Workers |