[DigitalPoint] App for Cloudflare® 1.9.1.1

Fixes an issue where if you have other addons that extend the XF\Templater class, with an execution order higher than 1000, and you are trying to view IP addresses that were logged without an associated geo-location record for that IP.

• Removed use of is_callable() (PHP 8.2+ compatibility change)
• Added Cloudflare setting: Security -> Bots -> AI Labyrinth

• Fixed issue with geo-location of user IPs in admin area on latest versions of PHP
• Fixed issue with geo-location when users are viewing their own IP addresses (when using Security addon)

• Get user IP from request class rather than PHP global variable
• Geo-location flags work for article authors
• Don't log geo-location info for sessions if using XenForo < 2.2.8 (required method wasn't introduced until XF 2.2.8)
• Internally simplified how geo-location flag CSS is generated

Yuck... sorry. This fixes it.

First of all, this is a big(ish) update...

Large R2 attachments should see the download start much faster for end users (rather than downloading it fully on the server before sending it to user, it's done with streams now). Honestly not sure why I didn't do it that way to begin with, but thanks to @Chris D for pointing out my stupidity oversight. It's still going to be more performant to be using presigned URLs, so the streaming change is only if you aren't using presigned URLs or token authentication for R2 attachments.

The addon now has the ability to pick up Cloudflare geo-location info for users (or more specifically, HTTP requests). This is something I've been doing for a LONG time with internal addons (in vBulletin 3, vBulletin 4, XF1 and XF2). So this was (mostly) just merging an internal addon I already had into this one.

• If you want this to be done just at the country-level, make sure you enable the IP Geolocation setting for your Cloudflare domain/zone.
• If you want this to be done at the region-level, make sure you enable the Add visitor location headers option for your Cloudflare domain/zone.
• If you don't want to do this at all, disable the Log IP address locations setting under Options -> External service providers.

As far as storing all the extra geo data, it's done as efficiently as possible, with a single record for location data needed for each IP. So even if an IP was logged 1,000 times (and even across multiple users), it only needs to store the geo data once per IP. If you delete/purge IPs, the geo data cleans itself up if there no record of the IP being used any longer in the xf_ip table.

There are a couple new permissions that go along with this to allow user groups to see the country someone posted in a thread/sent a direct message from if you want to allow that.

User group permissions -> Forum permissions -> View country flag on posts
User group permissions -> Direct message permissions -> View country flag on messages

• Updated charting library (Chart.js) to 4.4.7
• Fixed issue where R2 egress bandwidth info for a bucket was reporting class B operations instead of class A operations
• Updated call for attaching custom domain to R2 bucket (endpoint changed)
• Attachment contents passed to view as a stream, rather than a string
• CLI tool to migrate data will ignore files with a prefix of local/
• Made change to CLI migration tool so that the multi-process ability is compatible with new version of Symphony (XF 2.3)
• Added new Cloudflare setting (under Security): AI Bots
• Geo-location functionality
  • New option: Admin -> Options -> External service providers -> Log IP address locations
  • New permission: View country flag on posts
  • New permission: View country flag on messages

• Added new Cloudflare setting (under Speed): Speed Brain
• Easy Config enables Speed Brain
• Added support for setting SSL/TLS Encryption Mode to Strict (SSL-only origin pull) (for Enterprise zones)
• Added new Cloudflare setting (under SSL/TLS): Encrypted Client Hello
• Added new Cloudflare setting (under Security): Leaked credentials

• Fixed issue with deleting a Page Cache rule (change to Cloudflare API)
• Fixed issue with changing Cloudflare settings on XenForo 2.3 (was being done with form submission instead of the intended AJAX request)
• Ignore full stat rebuilds (too many API calls [11 per day], it will be impossibly slow, and you will hit API rate limit very quickly, so it would fail anyway)

• Removed workaround to allow non-Duotone icons in admin navigation for XenForo 2.3 (fixed in XF core)
• Added new Cloudflare setting (under Security): Replace insecure JavaScript libraries
• Changed verbiage to be worded better when setting up API token initially

• Removed Brotli compression setting (it's now always on in Cloudflare)
• Removed Minify settings (they have been deprecated and will be removed from Cloudflare soon)
• Removed Server-side Exclude setting (it has been deprecated and will be removed from Cloudflare soon)
• Added option to create Firewall Rule to block AI scrapers & crawlers
• Updated Chart.js library to 4.4.3