[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.2

No permission to download
Overview FAQ Updates (51) Reviews (18) History Discussion
digitalpoint said:
There’s more going on than just inserting the token to the options table. It’s doing a couple backend API calls when you set it to get some info it needs like account ID and zone ID. So programmatic insertion of tokens isn’t going to work as expected unless you also are going to do the “extra stuff” as well.
Click to expand...
I expected as much. Is there a query I can do for the extra stuff as well? My test sites are made from a snapshot of the live site. Then I have some scripts that modify config files and db queries that change the site URL, SMTP server, and some other things. In this case the account ID would likely be the same, but it is a different zone ID.
 
dougdirac said:
I expected as much. Is there a query I can do for the extra stuff as well? My test sites are made from a snapshot of the live site. Then I have some scripts that modify config files and db queries that change the site URL, SMTP server, and some other things. In this case the account ID would likely be the same, but it is a different zone ID.
Click to expand...
The option itself could be written to with a query, but for any option in XenForo, there's more to it internally. For example after an option is written (as intended via XenForo's entity system), it then automatically rebuilds the option cache.

So no matter what, if you are writing options via a SQL query, you would also need to trigger PHP code to rebuild the option cache. At which point, you may as well just write the option via PHP with the entity system, and then the "underneath" stuff is handled automatically. If you do programmatically set the token ID, the code you would want to run afterwards (to do the extra stuff related to Cloudflare) is:
PHP: 
\XF::repository('DigitalPoint\Cloudflare:Cloudflare')->verifyToken();

TL;DR: you can't simply run queries to change XenForo options without also running code to rebuild caches (XenForo reads the options from it's option cache, not from the database).
 
Is there a way to bring attachments back should we not wish to continue serving them through cloudflare in the future?
 
Well... I left out
  • Zone.SSL and Certificates: Edit,
    • Account.Access: Organizations, Identity Providers, and Groups: Read
    • Account.Account Analytics: Read
    • Account.Allow Request Tracer: Read
      Account.Intel: Read

So, if my addon breaks it's not your fault.
 
⭐ Alex ⭐ said:
Well... I left out
  • Zone.SSL and Certificates: Edit
Click to expand...
Needed for some of the SSL/TLS related options you can control. Off the top of my head, I think it was the Certificate Transparency Monitoring setting. You'll probably get a permission error thrown when you try to look at the Cloudflare settings page. If you enable debugging in your XenForo setup, that error will give specific details about the endpoint it can't access.

⭐ Alex ⭐ said:
  • Account.Access: Organizations, Identity Providers, and Groups: Read
Click to expand...
Needed if you want to auto-configure Zero Trust Network Access to protect your admin area (it checks to make sure you have an identity provider setup in Cloudflare Zero Trust). If there is one, it can proceed to do the actual config (you need one in order to use it), if there isn't one, it will give you a link to first config an identity provider.

⭐ Alex ⭐ said:
  • Account.Account Analytics: Read
Click to expand...
Needed for account-level statistics...info about R2 buckets and Turnstile stats for example. Used on the R2 screen to give you stats about the buckets you are using as well as compiling daily stats for you to view in XenForo statistics area. Turnstile and R2 are handled at Cloudflare account level, not zone level (you don't need a Cloudflare zone to use them).

1698599152478.png
⭐ Alex ⭐ said:
  • Account.Allow Request Tracer: Read
Click to expand...
Allows the "HTTP request trace" tool to work.

⭐ Alex ⭐ said:
  • Account.Intel: Read
Click to expand...
Allows the "IP address details", "Domain details" and "WHOIS" tools to work.

⭐ Alex ⭐ said:
So, if my addon breaks it's not your fault.
Click to expand...
It will definitely break... the permissions the addon requests are the minimum required to use it (fully). But just FYI when you can't use the Tools or manage settings or other things because you get permission errors, now you know why. :)
 
Also if you (or anyone else) is curious about any of the other permissions, I just made this and I'll keep it up to date as needed:

appforcf.com

Permissions needed for App for Cloudflare®

App for Cloudflare® requests the minimum needed permissions to fully use all the functions it can do. For those curious about why it needs a specific permission, these are all the permissions it needs and why: Account.Access: Apps and Policies: Edit Allows Zero Trust Network Access...
appforcf.com appforcf.com
 
digitalpoint said:
Also if you (or anyone else) is curious about any of the other permissions, I just made this and I'll keep it up to date as needed:

appforcf.com

Permissions needed for App for Cloudflare®

App for Cloudflare® requests the minimum needed permissions to fully use all the functions it can do. For those curious about why it needs a specific permission, these are all the permissions it needs and why: Account.Access: Apps and Policies: Edit Allows Zero Trust Network Access...
appforcf.com appforcf.com
Click to expand...
Perfect! Thank you. :) Could you edit your FAQ section and add in something of the sort?


How does the app use the API permissions?

Check the detailed thread on my website for more information: https://appforcf.com/threads/permissions-needed-for-app-for-cloudflare®.3/
 
⭐ Alex ⭐ said:
Perfect! Thank you. :) Could you edit your FAQ section and add in something of the sort?


How does the app use the API permissions?

Check the detailed thread on my website for more information: https://appforcf.com/threads/permissions-needed-for-app-for-cloudflare®.3/
Click to expand...
Ya, just haven’t had an opportunity yet. Also thinking if it just makes sense to have the link in the addon itself where you configure the permissions since everyone would see that, not everyone would read the FAQ.
 
digitalpoint said:
Ya, just haven’t had an opportunity yet. Also thinking if it just makes sense to have the link in the addon itself where you configure the permissions since everyone would see that, not everyone would read the FAQ.
Click to expand...
Even better better! We could have both that way someone who hasn't yet installed the addon can get it from the FAQ section and that transparency can make them feel more comfortable installing it, and someone who has the addon will see it directly when generating the API Key and won't think twice about breaking their installation by providing less than the minimum permissions. :ROFLMAO:
 
One thing I am wondering:

1698610610558.webp

If I leave the subdomain blank, does that mean it covers the main domain and all subdomains, or do I need to add a wildcard like in this example here?
 
Wildcat Media said:
One thing I am wondering:

View attachment 293176

If I leave the subdomain blank, does that mean it covers the main domain and all subdomains, or do I need to add a wildcard like in this example here?
Click to expand...
Nothing to do with this addon, but…

developers.cloudflare.com

Application paths · Cloudflare Zero Trust docs

Application paths define the URLs protected by an Access policy. When adding a self-hosted web application to Access, you can choose to protect the …
developers.cloudflare.com
 
These links don't work perfectly:

1698627911631.png

They lead to https://dash.cloudflare.com/numbers/r2/overview/buckets/my-bucket and there's some API errors displayed on this page.

When I'm viewing my bucket from the dash the proper URL has default instead of overview :

https://dash.cloudflare.com/numbers/r2/default/buckets/my-bucket

Also not sure if all those 0's for internal data bucket is a bad sign, it shows 1K Class A operations on CF's side. But it looks fine after I re-enabled the bucket in the future (see below).

Also, I had a problem in my XF code_cache that made all the phrases not finish compiling.

1698628553582.webp

After I fixed my problem I tried to rebuild the addon but it didnt fix so I had to uninstall the addon then install it again. (What a great opportunity to remake the API Key : ) ) And now when Im in R2, I can't automatically configure because the subdomain exists already. Maybe it can just prompt to delete and recreate in this page. Thats what I ended up doing so that it can just do its thing.

1698629445318.webp

Thank you so much for making this. R2 feels so much lighter than S3, there's a simple the bucket's public or it's not. My entire forum installation feels much lighter now thanks to the simplicity of your cloudflare addon.

Definitely if someone's not using cloudflare they are probably doing it wrong.
 
Am I missing a one click install for Turnstile into, say the registration page?

Edit: Oh, the addon added that button underneath turnstile. Got it! Nice auto setup!
 
⭐ Alex ⭐ said:
These links don't work perfectly:

View attachment 293187

They lead to https://dash.cloudflare.com/numbers/r2/overview/buckets/my-bucket and there's some API errors displayed on this page.

When I'm viewing my bucket from the dash the proper URL has default instead of overview :

https://dash.cloudflare.com/numbers/r2/default/buckets/my-bucket
Click to expand...
Ya, the new location in Cloudflare has already been updated for the next version (was just a change on Cloudflare's side). I can't control if they change existing URLs in their dashboard, I can only update them as they happen.

⭐ Alex ⭐ said:
Also not sure if all those 0's for internal data bucket is a bad sign, it shows 1K Class A operations on CF's side. But it looks fine after I re-enabled the bucket in the future (see below).

Also, I had a problem in my XF code_cache that made all the phrases not finish compiling.

View attachment 293189
Click to expand...
Can't really fix that with anything on this end. The phrase and template rebuilding phase of addon installation is done by XenForo core. So if it failed for whatever reason, it's still XenForo core that needs to actually do it one way or another. Why it failed might be worrisome if it's happening to you a lot, but whatever that reason is is outside the scope of any addon itself. Maybe the addon didn't get fully installed somehow and was missing the phrase xml file... but then why would some phrases be there and not others? Not really sure.

⭐ Alex ⭐ said:
After I fixed my problem I tried to rebuild the addon but it didnt fix so I had to uninstall the addon then install it again. (What a great opportunity to remake the API Key : ) ) And now when Im in R2, I can't automatically configure because the subdomain exists already. Maybe it can just prompt to delete and recreate in this page. Thats what I ended up doing so that it can just do its thing.

View attachment 293191
Click to expand...
Well, it does say, "This subdomain should not already exist."... So if it's an existing bucket that already has the subdomain attached that you want attached to it, you don't need to tell it to configure the public subdomain (uncheck the box to do it since it's already done). But even then if you do do it, it won't break anything, it will just let you know the domain was already in use when it tried to create that subdomain (it won't try to undo everything else... so it should still all work fine if you ignore the message).

As far as trying to handle a subdomain already in use error in a different way, I'm not really sure you would want to. What if you tried to assign a subdomain that was simply in use by some other part of your site... would you really want us to go in and delete that DNS entry that was already there and replace it?

In my opinion, doing what it does (telling you it needs to not already be in use, letting you know if it was already in use, but still doing all the other parts and not halting the process if it was in use) is probably still the best approach. Then you can decide what to do about it (if anything) rather than rely on a one-size fits all action to take if it was in use. Like what if you put the root of your domain in there and simply forgot the subdomain... it wouldn't seem like a great idea to mess with your DNS, delete the apex record for your domain for the normal site and replace it with the URL of an R2 bucket.

⭐ Alex ⭐ said:
Thank you so much for making this. R2 feels so much lighter than S3, there's a simple the bucket's public or it's not. My entire forum installation feels much lighter now thanks to the simplicity of your cloudflare addon.
Click to expand...
Yep, no worries... :)

⭐ Alex ⭐ said:
Definitely if someone's not using cloudflare they are probably doing it wrong.
Click to expand...
Ya, I'd agree with that... in fact, I'm pretty sure I said exactly that a few times regarding Cloudflare. :)
 
@digitalpoint I know there was an issue with caching s3 files on cloudflare because it gives access without obeying the forum permissions. Is that the same scenario with R2 when its cached or will it follow xenforo permissions?
 
amnesiac828 said:
@digitalpoint I know there was an issue with caching s3 files on cloudflare because it gives access without obeying the forum permissions. Is that the same scenario with R2 when its cached or will it follow xenforo permissions?
Click to expand...
Same problem. Take a look at these two options in digital point's addon:

1698688588252.png

and

1698688614441.png


So, you should disable cache media attachments but enable pre-signed URLs for optimal forum performance.
 
You must log in or register to reply here.

Similar threads

N
[DigitalPoint] App for Cloudflare® - FRENCH translation
Replies
8
Views
840
Ozzy47
Ozzy47
digitalpoint
App for Cloudflare (appforcf.com)
Replies
12
Views
1K
securedme
securedme
Top Bottom