[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.8

No permission to download
digitalpoint updated [DigitalPoint] Cloudflare with a new update entry:

Turnstile API integration

This adds some functionality to Cloudflare's Turnstile captcha option added to XenForo 2.2.12.

IMPORTANT for existing users: The new Turnstile functions require a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the Account.Turnstile: Edit permission.


One-click Turnstile site creation

You can...

Read the rest of this update entry...
 
So, I am not on the latest XenForo. But I updated the addon. And now I am getting this on most addon settings pages!
There really shouldn't be anything that causes something like that that I can think of. There are no additional API requests that happen in the scenario where your XenForo doesn't support Turnstile. And if it does, it only makes an API request as needed (definitely not on options pages that have nothing to do with Cloudflare).

That being said, obviously something is going on...

In theory, the only place Turnstile related API calls should be made is if you are viewing an options page with the captcha options (by default it's on 3 options pages: Basic options, User registration and Spam management). But even then it should only make those calls if the Turnstile option is available in your captcha options.

Did you add the new permission to your token already? Even though I can't think of a scenario where a Turnstile API call would be made for you, it's not outside the realm of possibility that it's happening somewhere I can't think of. I vaguely remember reading something once about the Cloudlfare API where it has a secondary rate limit that gets applied temporarily if you are making API calls without the right permissions. However, even if that's the case, the add-on should throw an exception about insufficient permissions.
 
added that permission. waited a few minutes. and it seems alright now! thanks!
I guess there's the possibility of it being coincidental because like I said, it shouldn't be making ANY Turnstile API calls in your case (and more specifically API calls are all the same as the prior version if you don't have Turnstile in your XenForo), and even if it was for some reason, you should have gotten a different error (a permission exception).

While not related to the new version, a couple other things to check... are you using Client IP Address Filtering by chance for your API Token?

1670526555101.png

Googled and ran across some people that ran into the same error and some of the things they were thinking:
  • The IP of their server was part of a subnet (the hosting provider) that was "grey-listed" and that IP block had a special rate limit applied until they went out of their way to add just their server IP to the Client IP Address Filtering.
  • Someone else thought their token might have been stolen and someone was running a ton of API requests from a different machine.
Either way, if your server IP address doesn't change, it wouldn't be a bad idea (purely for security) to if that IP address filtering option since it's effectively a whitelist of who's actually allowed to use it.
 
I was getting the same error again lol. Anyways. I added both my IPs in the same api token and it seems to be loading fine right now.
 
Unrelated to the update, but if you use Cloudflare (which everyone using this add-on is), I posted a thread about Cloudflare optimizations a few days ago that might be worth reading:

 
I wonder if R2 can now be used without modifying the code provided by XenForo developers 🥺
Not sure, but coincidentally, giving a UI for R2 integration is already something on my to-do list for this add-on.

Scoping that out is the reason I posted this suggestion yesterday about more granularity about the file system XenForo uses (right now it's an all or nothing setup for data and internal_data which sucks):


But ya... I need to solve that issue first (even if it's internal addon just for me) before I want to muck with making R2 configuration as simple as a click.
 
I already set this up through CloudFlare before this update and have already set the site key and secret key. I'm still getting the "Setup in Cloudflare" options and no "Settings" or "Analytics". I have already added the permission to the API token.
 
Do you have the site key and secret key saved in your captcha settings? That should be the only thing that affects which buttons show. It doesn’t try to auto-populate the keys unless it. Rested the Turnstile site itself. So if you created it manually, you’ll need to enter the keys manually as well.
 
Do you have the site key and secret key saved in your captcha settings? That should be the only thing that affects which buttons show. It doesn’t try to auto-populate the keys unless it. Rested the Turnstile site itself. So if you created it manually, you’ll need to enter the keys manually as well.
The keys are already set and saved. Unless you recommend that I remove them and add them in again?

The buttons are not showing up and still seeing the "Setup in Cloudflare" button. I've even tried saving it again but not luck.
 
The keys are already set and saved. Unless you recommend that I remove them and add them in again?

The buttons are not showing up and still seeing the "Setup in Cloudflare" button. I've even tried saving it again but not luck.
Skimming through the code to see what could cause something like that... and as far as I can tell, the only situation where you would see that is where there's a typo in the hostname or you set up Turnstile on the wrong Cloudflare account (a single Cloudflare login can access multiple Cloudflare accounts).

The logic flow is like so:

It gets your site's hostname from your XenForo config (the Board URL from Basic options) and then finds the zone ID for that domain. Then it takes that zone ID and finds the correct Cloudflare account ID for that zone (most people probably just have a single account ID unless other Cloudflare accounts have granted them access to their account too).

Once it has the account ID, it's queries for Turnstile widgets on that Cloudflare account and looks for the one that (again) matches the hostname from your Board URL option. If it finds one, then you get the buttons for Settings/Analytics.

Now... if you created a Turnstile site that has a different hostname than what you have in Board URL, that will be a problem. Just to be clear, I'm talking about hostname, not domain name necessarily. So if your Board URL is www.joyfreak.com and you setup a Turnstile site to not exactly match that (like you don't have www. in it and are just using the domain), it will not find it. Again... hostname in Board URL needs to match what you have setup as a Turnstile site exactly for the matching to work.
 
Skimming through the code to see what could cause something like that... and as far as I can tell, the only situation where you would see that is where there's a typo in the hostname or you set up Turnstile on the wrong Cloudflare account (a single Cloudflare login can access multiple Cloudflare accounts).

The logic flow is like so:

It gets your site's hostname from your XenForo config (the Board URL from Basic options) and then finds the zone ID for that domain. Then it takes that zone ID and finds the correct Cloudflare account ID for that zone (most people probably just have a single account ID unless other Cloudflare accounts have granted them access to their account too).

Once it has the account ID, it's queries for Turnstile widgets on that Cloudflare account and looks for the one that (again) matches the hostname from your Board URL option. If it finds one, then you get the buttons for Settings/Analytics.

Now... if you created a Turnstile site that has a different hostname than what you have in Board URL, that will be a problem. Just to be clear, I'm talking about hostname, not domain name necessarily. So if your Board URL is www.joyfreak.com and you setup a Turnstile site to not exactly match that (like you don't have www. in it and are just using the domain), it will not find it. Again... hostname in Board URL needs to match what you have setup as a Turnstile site exactly for the matching to work.
This was helpful, thanks! I managed to fix it by adding in the www.
 
Looks like I am also hitting request limit on using the spam cleaner feature. 🤦‍♂️

Code:
An exception occurred: [XF\PrintableException] 971: Please wait and consider throttling your request speed in src/addons/DigitalPoint/Cloudflare/Api.php on line 517
#0 src/addons/DigitalPoint/Cloudflare/Api.php(149): DigitalPoint\Cloudflare\Api->makeRequest('get', 'zones', Array)
#1 src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php(624): DigitalPoint\Cloudflare\Api->listZones('ZONENAME....')
#2 src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php(1034): DigitalPoint\Cloudflare\Repository\Cloudflare->getZoneId('ZONENAME....')
#3 src/addons/DigitalPoint/Cloudflare/XF/Pub/View/SpamCleaner/CheckIps.php(27): DigitalPoint\Cloudflare\Repository\Cloudflare->addFirewallAccessRule('86.33.72.9', '', 'block', 'Used by spammer...', 7)
#4 src/XF/Mvc/Renderer/AbstractRenderer.php(91): DigitalPoint\Cloudflare\XF\Pub\View\SpamCleaner\CheckIps->renderJson()
#5 src/XF/Mvc/Renderer/Json.php(63): XF\Mvc\Renderer\AbstractRenderer->renderViewObject('XF:SpamCleaner\\...', 'public:spam_cle...', Array)
#6 src/XF/Mvc/Dispatcher.php(458): XF\Mvc\Renderer\Json->renderView('XF:SpamCleaner\\...', 'public:spam_cle...', Array)
#7 src/XF/Mvc/Dispatcher.php(440): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#8 src/XF/Mvc/Dispatcher.php(400): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Json), Object(XF\Mvc\Reply\View))
#9 src/XF/Mvc/Dispatcher.php(58): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'json')
#10 src/XF/App.php(2344): XF\Mvc\Dispatcher->run()
#11 src/XF.php(512): XF\App->run()
#12 index.php(20): XF::runApp('XF\\Pub\\App')
#13 {main}
 
How much are you using the spam cleaner and blocking IPs??? I think it would have to be a lot (like multiple times per second) somehow)…
 
3-4 times in a week usually lol. I guess I am hitting Cloudflare api agressively in some other way 🫥
Ya, that's not enough to be an issue. haha

Here's a couple things to check that I can think of...

Look in your xf_job table and see if you have a whole bunch of things with a trigger_date in the past somehow (say less than 1670548600). Maybe the jobs that remove temporary IP blocks aren't getting removed from XenForo's job queue somehow and are just piling up and each are running over and over continuously?

In your Cloudlfare account, go to Manage Account -> Audit Log. In there you should be able to see any API call that is an update or a write. Do you see anything odd going on in there?
 
Back
Top Bottom