[DigitalPoint] App for Cloudflare® 1.9.7

Fix for issue when trying to enable guest page caching (ends up in a loop). Only needed if you don't have guest page caching enabled and you want to enable it.

IMPORTANT for existing users: New functionality requires 2 additional API permissions in order to use the new functions. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Account.Allow Request Tracer: Read
• Account.Intel: Read

At this point, you should have a total of 18 permissions for your API token.

Changes:

• Added ability to cache media attachments (both normal attachments and XF Media Gallery uploads) at network edge (images, video and audio attachments can be cached in Cloudflare data centers)
• Reorganized admin navigation (Cloudflare functions consolidated into a new Cloudflare section)
• Switched order of Network and Scrape Shield settings
• Added descriptions for each Cloudflare setting
• New option: Purge cache when post is created or deleted
• New Cloudflare Tools section:
  • HTTP request trace
  • IP address details
  • Domain details
  • WHOIS

• Fixed issue where you would get a Call to a member function getBody() on array exception instead of the intended HTTP response if an API call failed twice (it automatically does a retry if it failed once)
• When using guest page caching, decouple the purge cache mechanism from the http request (the purge cache action is sent to XenForo's job system)
• Show egress bandwidth when hovering over R2 class A or class B operation stats
• Reorganized settings to align with Cloudflare's recent dashboard changes
• Remove authentication option for Global API Keys (only allow API Tokens going forward)

Reorganization of settings moves settings to different categories and created sub-sections within categories. It follows the changes Cloudflare introduced this week so the location of settings in the addon matches where they are in the Cloudflare dashboard. Example:

• Fixed issue with creating Turnstile site via API (Cloudflare updated schema for API call)
• Added ASN support when creating IP address rules
• Cache Cloudflare zone/domain (makes it so an API call is not necessary on the admin index page to build deeplink to your zone in your Cloudflare account)

• Guest page caching will work properly when a page immediately fires an AJAX request
• Don't try to purge Cloudflare's cache when using guest page caching and an orphaned post is being deleted (when a post is assigned to a thread that doesn't exist)
• Don't include all Zero Trust Access rules in backup (only include rules for your zone/domain)
• Cache Rules included in backup/restore process

• Added check to make sure the site's hostname has at least one dot in it when determining Cloudflare zone ID (things like "localhost" are not valid Cloudflare zones)
• Fetch up to 1,000 R2 buckets per account with API call instead of the default of 20
• If API permissions get revoked on accident, don't throw exception about it on main admin index (admin index won't break if API permissions went away for some reason)

• Better handling of stats rebuilding when rebuilding all stats for the site (from cache rebuild)
• Check if Cloudflare account ID is missing when generating R2 bucket URL and add a server error log if that's the case (if an API token has insufficient permissions, you could end up with a missing account ID, which would in turn make R2 functions not work).
• Backup option works properly again with Firewall rules (forgot to convert that to the new Ruleset API that the firewall uses
• Added check to make sure none of the Cloudflare daily stats are somehow giving a negative number

• Better handling of situation where someone deleted R2 bucket in Cloudflare's dashboard but didn't disconnect that bucket from being used by XenForo yet.
• Fixed issue where we were assuming there was a firewall ruleset for firewall rules (not always the case, so don't assume it exists).
• Fixed issue with logging daily stats if a site isn't using Turnstile for CAPTCHAs
• Requires XF 2.1.0+ (always was the case technically, installer enforces it now)

IMPORTANT for existing users: A change to Firewall API calls requires a new API permission to be able to set it. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Zone.Zone WAF: Edit

The Firewall API has been deprecated and turned into a Ruleset API, so no way around the new permission (sorry).

Changes:

• Fixed missing padding on timeframe selector on DMARC management page
• Added missing phrase missing_cloudflare_authentication_info
• If there is no Cloudflare authentication token set (new install normally), don't try to show the stats block
• Fixed issue where deeplink generated for DMARC management would include sub-domain of site rather than just the domain/zone.
• Links for Turnstile settings and analytics work again (Cloudflare made an unannounced changed to API, so conforming to new API schema)
• Fixed reversed label on DMARC chart
• Fixed issue with approved DMARC sources showing in the unapproved sources report
• Fixed sorting issue on DMARC sources report
• Made internals of Country blocking case-insensitive for country codes
• Migrated Firewall API calls to new Ruleset API
• New Cloudflare daily stats (in XenForo's normal statistics area):
  • Unique visitors
  • Requests
  • Data served
  • Data cached
  • Threats
  • Turnstile challenges
  • Turnstile interactive solves
  • Turnstile non-interactive solves
  • Turnstile unsolved
  • R2 class A operations
  • R2 class B operations

• Consolidated buttons for new firewall rules into a menu
• Consolidated buttons for new cache rules into a menu
• Stop click propagation when clicking on link to Cloudflare in stats block header (prevents block from hiding/showing when you are just trying to go to Cloudflare dashboard)
• Viewing statistics block on main admin page requires admin permission viewAnalytics (not the permission for managing cloudflare) and block is hidden if the user doesn't have the necessary permission
• Added check to avoid division by zero errors in a case where Cloudflare reports an impossible scenario (cached traffic for a time period, but total traffic for that same time period is 0)
• New option: Show Cloudflare statistics
• Added DMARC management section. Ability to monitor emails being sent by third parties (includes week/month chart as well as table of unapproved sources sending emails)
• Fixed some text not being phrased in the stats block