[DigitalPoint] App for Cloudflare® v1.8.2

• Can use R2 for storage without site being a domain/zone in Cloudflare
• Made change to XenForo's attachment data entity to be more efficient (normally XenForo checks if an attachment exists before making an additional call to actually get it). This will reduce an API call for every attachment view because we don't need to check if the attachment exists (we know it does already because we have a record of it in attachment data).
• Added new option: Use presigned URLs for attachments stored in R2 (allows attachments stored in R2 to be viewed directly by the user, rather than you server needing to download the attachment to pass it through to the user)

The presigned URL thing is particularly interesting... a remote storage system like R2 has your server checking user permissions to see if a user can view something, then it makes an API call to fetch the file/object and then passes that through to the user.

As an example, if you have a 10MB attachment, your server first needs to download 10MB and then it sends that 10MB to the end user (so there's the time it takes to download the attachment from R2 and as well as 20MB total bandwidth happening on your server... 10MB in, then 10MB out). With presigned URLs, your server does the permission check and then if the user has permission to view the attachment, the user is redirected to a unique URL that expires in 60 seconds to fetch the attachment. This means attachments are viewed faster for end-users and your server isn't wasting bandwidth passing it through to the user.

Presigned URLs that expire and can't be changed by users is done with cryptographic signing (hence the name, presigned URLs).

NAS

NA

• Fixed issue with creating Turnstile site via API (Cloudflare updated schema for API call)
• Added ASN support when creating IP address rules
• Cache Cloudflare zone/domain (makes it so an API call is not necessary on the admin index page to build deeplink to your zone in your Cloudflare account)

NA

• Added check to make sure the site's hostname has at least one dot in it when determining Cloudflare zone ID (things like "localhost" are not valid Cloudflare zones)
• Fetch up to 1,000 R2 buckets per account with API call instead of the default of 20
• If API permissions get revoked on accident, don't throw exception about it on main admin index (admin index won't break if API permissions went away for some reason)

• Better handling of stats rebuilding when rebuilding all stats for the site (from cache rebuild)
• Check if Cloudflare account ID is missing when generating R2 bucket URL and add a server error log if that's the case (if an API token has insufficient permissions, you could end up with a missing account ID, which would in turn make R2 functions not work).
• Backup option works properly again with Firewall rules (forgot to convert that to the new Ruleset API that the firewall uses
• Added check to make sure none of the Cloudflare daily stats are somehow giving a negative number

• Better handling of situation where someone deleted R2 bucket in Cloudflare's dashboard but didn't disconnect that bucket from being used by XenForo yet.
• Fixed issue where we were assuming there was a firewall ruleset for firewall rules (not always the case, so don't assume it exists).
• Fixed issue with logging daily stats if a site isn't using Turnstile for CAPTCHAs
• Requires XF 2.1.0+ (always was the case technically, installer enforces it now)

IMPORTANT for existing users: A change to Firewall API calls requires a new API permission to be able to set it. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Zone.Zone WAF: Edit

The Firewall API has been deprecated and turned into a Ruleset API, so no way around the new permission (sorry).

Changes:

• Fixed missing padding on timeframe selector on DMARC management page
• Added missing phrase missing_cloudflare_authentication_info
• If there is no Cloudflare authentication token set (new install normally), don't try to show the stats block
• Fixed issue where deeplink generated for DMARC management would include sub-domain of site rather than just the domain/zone.
• Links for Turnstile settings and analytics work again (Cloudflare made an unannounced changed to API, so conforming to new API schema)
• Fixed reversed label on DMARC chart
• Fixed issue with approved DMARC sources showing in the unapproved sources report
• Fixed sorting issue on DMARC sources report
• Made internals of Country blocking case-insensitive for country codes
• Migrated Firewall API calls to new Ruleset API
• New Cloudflare daily stats (in XenForo's normal statistics area):
  • Unique visitors
  • Requests
  • Data served
  • Data cached
  • Threats
  • Turnstile challenges
  • Turnstile interactive solves
  • Turnstile non-interactive solves
  • Turnstile unsolved
  • R2 class A operations
  • R2 class B operations

• Consolidated buttons for new firewall rules into a menu
• Consolidated buttons for new cache rules into a menu
• Stop click propagation when clicking on link to Cloudflare in stats block header (prevents block from hiding/showing when you are just trying to go to Cloudflare dashboard)
• Viewing statistics block on main admin page requires admin permission viewAnalytics (not the permission for managing cloudflare) and block is hidden if the user doesn't have the necessary permission
• Added check to avoid division by zero errors in a case where Cloudflare reports an impossible scenario (cached traffic for a time period, but total traffic for that same time period is 0)
• New option: Show Cloudflare statistics
• Added DMARC management section. Ability to monitor emails being sent by third parties (includes week/month chart as well as table of unapproved sources sending emails)
• Fixed some text not being phrased in the stats block