@nodeart/cloudflare-provisioning 1.0.1 → 1.0.3

package/cloudflare.js

@@ -5,8 +5,9 @@ const { request } = require('undici')
 const CLOUDFLARE_API_URL = 'https://api.cloudflare.com/client/v4/'
 
 class CloudFlare {
-  constructor (zoneId, options) {
+  constructor (zoneId, domain, options) {
     this.zoneId = zoneId
+    this.domain = domain
 
     this.authorizationHeaders = null
     if (options.email !== undefined && options.apiKey !== undefined) {
@@ -189,6 +190,26 @@ class CloudFlare {
     return response
   }
 
+  async getFirewallRules () {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules`
+
+    const { statusCode, body } = await request(url, {
+      method: 'GET',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      }
+    })
+
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not get firewall rules: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
+
+    return response
+  }
+
   async createFirewallRule (firewallRule) {
     const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules`
 
@@ -210,15 +231,43 @@ class CloudFlare {
     return response
   }
 
-  async createFirewallRules (firewallRules) {
-    const results = await Promise.allSettled(firewallRules.map(firewallRule => this.createFirewallRule(firewallRule)))
+  async updateFirewallRule (id, firewallRule) {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules/${id}`
 
-    for (let i = 0; i < results.length; i++) {
-      const result = results[i]
-      const firewallRule = firewallRules[i]
+    const { statusCode, body } = await request(url, {
+      method: 'PATCH',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify(firewallRule)
+    })
 
-      if (result.status === 'rejected') {
-        console.log(`Could not create firewallRule route ${JSON.stringify(firewallRule)}: ${result.reason}\n`)
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not update a firewall rule: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
+
+    return response
+  }
+
+  async rewriteFirewallRules (firewallRules) {
+    const currentFirewallRules = await this.getFirewallRules()
+
+    for (const firewallRule of firewallRules) {
+      const currentFirewallRule = currentFirewallRules.result.find(
+        rule => rule.description === firewallRule.description
+      )
+
+      try {
+        if (currentFirewallRule) {
+          await this.updateFirewallRule(currentFirewallRule.id, firewallRule)
+        } else {
+          await this.createFirewallRule(firewallRule)
+        }
+      } catch (error) {
+        console.error(`Could not update firewall rule for domain ${this.domain}: ${JSON.stringify(firewallRule)}, error: ${error}`)
       }
     }
   }
@@ -476,7 +525,7 @@ class CloudFlare {
           await this.createPageRule(pageRule)
         }
       } catch (error) {
-        console.log(`Could not update or create page rule: ${error.message}\n`)
+        console.log(`Could not update or create page rule for domain ${this.domain}: ${error.message}\n`)
       }
     }
   }
@@ -530,7 +579,7 @@ class CloudFlare {
       const workerRoute = workerRoutes[i]
 
       if (result.status === 'rejected') {
-        console.log(`Could not create worker route ${JSON.stringify(workerRoute)}: ${result.reason}\n`)
+        console.log(`Could not create worker route for domain ${this.domain} ${JSON.stringify(workerRoute)}: ${result.reason}\n`)
       }
     }
   }
@@ -583,7 +632,7 @@ class CloudFlare {
       const routeId = routeIds[i]
 
       if (result.status === 'rejected') {
-        console.log(`Could not delete worker route ${routeId}: ${result.reason}\n`)
+        console.log(`Could not delete worker route for domain ${this.domain} ${routeId}: ${result.reason}\n`)
       }
     }
   }

package/index.js

@@ -9,7 +9,7 @@ const cloudflareSettingsHandlers = {
   emailObfuscation: CloudFlare.prototype.setEmailObfuscation,
   brotli: CloudFlare.prototype.setBrotli,
   dnsRecords: CloudFlare.prototype.rewriteDNSRecords,
-  firewallRules: CloudFlare.prototype.createFirewallRules,
+  firewallRules: CloudFlare.prototype.rewriteFirewallRules,
   polish: CloudFlare.prototype.setPolish,
   minify: CloudFlare.prototype.setMinify,
   http2Prioritization: CloudFlare.prototype.setHTTP2Prioritization,
@@ -52,7 +52,7 @@ async function applyCloudflareSettings (config) {
       ? { email: accountEmail, apiKey: accountKey }
       : { token: site.token }
 
-    const cloudFlare = new CloudFlare(zoneId, options)
+    const cloudFlare = new CloudFlare(zoneId, site.domain, options)
     const domainSettings = substituteDomainName(settings, site.domain)
 
     for (const [key, value] of Object.entries(domainSettings)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodeart/cloudflare-provisioning",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "",
   "main": "index.js",
   "scripts": {

package/template.js

@@ -12,28 +12,6 @@ module.exports = {
           expression: '(cf.client.bot and not http.request.uri.path contains ".well-known")'
         }
       }
-    ],
-    bypassCMSApi: [
-      {
-        description: 'bypass cms api with proxy',
-        action: 'bypass',
-        products: ['uaBlock', 'bic', 'securityLevel'],
-        filter: {
-          enabled: true,
-          expression: '(http.request.uri.path contains "/api/cms/pages" and http.user_agent eq "sitemap-generator-ss") or (http.request.uri.path eq "/api/info/locales" and http.user_agent eq "sitemap-generator-ss")'
-        }
-      }
-    ],
-    allowHotlinkFromKingtraf: [
-      {
-        description: 'allow hotlink from kingtraf',
-        action: 'bypass',
-        products: ['hot'],
-        filter: {
-          enabled: true,
-          expression: '(http.referer contains "kingtraf.com")'
-        }
-      }
     ]
   },
   speedOptimization: {
@@ -44,30 +22,6 @@ module.exports = {
     prefetchURLs: 'on'
   },
   workers: {
-    sitemapCurasao: {
-      pattern: '*$DOMAIN/sitemap.xml*',
-      script: 'sitemap-curasao'
-    },
-    sitemapMalta: {
-      pattern: '*$DOMAIN/sitemap.xml*',
-      script: 'sitemap-malta'
-    },
-    sitemapAustralia: {
-      pattern: '*$DOMAIN/sitemap.xml*',
-      script: 'sitemap-xml-au'
-    },
-    robotsCurasao: {
-      pattern: '*$DOMAIN/robots.txt*',
-      script: 'kingbillycasinocom-robotstxt'
-    },
-    robotsMalta: {
-      pattern: '*$DOMAIN/robots.txt*',
-      script: 'kingbillycom-robotstxt'
-    },
-    robotsAustralia: {
-      pattern: '*$DOMAIN/robots.txt*',
-      script: 'robots_block_seo'
-    },
     disableApi: {
       pattern: '*$DOMAIN/api/*',
       script: null
@@ -102,7 +56,7 @@ module.exports = {
     },
     dataExportCache: {
       targets: [{ target: 'url', constraint: { operator: 'matches', value: 'https://www.$DOMAIN/export/*' } }],
-      actions: [{ id: 'cache_level', value: 'bypass' }],
+      actions: [{ id: 'cache_level', value: 'bypass' }, { id: 'origin_error_page_pass_thru', value: 'on' }],
       status: 'active'
     },
     rootForward: {
@@ -112,7 +66,7 @@ module.exports = {
     },
     ia: {
       targets: [{ target: 'url', constraint: { operator: 'matches', value: '*ia.$DOMAIN/*' } }],
-      actions: [{ id: 'disable_security' }, { id: 'cache_level', value: 'bypass' }],
+      actions: [{ id: 'disable_security' }, { id: 'cache_level', value: 'bypass' }, { id: 'ssl', value: 'flexible' }],
       status: 'active'
     }
   },
@@ -126,6 +80,6 @@ module.exports = {
     argoSmartRouting: 'on'
   },
   scrapeShield: {
-    hotlinkProtection: 'off'
+    hotlinkProtection: 'on'
   }
 }