Class: CloudflareIpListSyncWorker

Inherits:
Object
Includes:
Sidekiq::Worker
Defined in:
app/workers/cloudflare_ip_list_sync_worker.rb

Overview

Hourly sync of CRM employee sign-in IPs to the Cloudflare $warmlyyours_users IP list.

The "Always Allow WY Users" Cloudflare WAF rule skips security checks for IPs in this
list. Without it, employees outside US/CA (e.g. India via IPv6) hit Super Bot Fight Mode
(SBFM) challenges and managed WAF checks on every CRM page load, causing Turbo Frame
navigation stalls.

Uses PUT (full replacement) so stale IPs naturally drop when employees haven't signed
in within 15 days (matching IpDetector's base_scope window).

Runs hourly on the hour via sidekiq-cron, plus on-demand after employee
sign-in via Events::EmployeeSignedIn. Idempotent — safe to re-run.

Instance Method Summary

Instance Method Details

#perform ⇒ Object



# File 'app/workers/cloudflare_ip_list_sync_worker.rb', line 27

def perform
  # Desired list contents, built by IpDetector from recent employee sign-ins
  items = IpDetector.instance.cloudflare_ip_list_items

  # Never PUT an empty set; the list is left as it is on this run
  if items.empty?
    Rails.logger.warn "[CloudflareIpListSyncWorker] No IPs to sync — skipping"
    return
  end

  service = CloudflareRulesService.instance
  list_id = service.find_list_id_by_name(CloudflareRulesService::WARMLYYOURS_USERS_LIST_NAME)
  # Full replacement: any IP not in items is dropped from the list
  result  = service.replace_ip_list_items(list_id, items)

  # Raise on an API error so the Sidekiq job is marked failed
  if result.is_a?(Hash) && result[:error]
    raise "Cloudflare IP list sync failed: #{result[:error]}"
  end

  Rails.logger.info "[CloudflareIpListSyncWorker] Synced #{items.size} IPs to $warmlyyours_users (list #{list_id})"
end
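
An added Ruby example (not the project's code) of the full-replacement logic the overview describes: sign-ins older than 15 days fall out of the desired set, and plan_sync shows what the PUT would add and remove. The record and item shapes, build_items, plan_sync and the filtering of non-routable addresses are assumptions; the project's IpDetector may differ.

```ruby
require "ipaddr"

WINDOW_SECONDS = 15 * 24 * 3600 # 15-day sign-in window from the overview

# Build the item set for a full-replacement PUT from sign-in records.
# Assumed shapes: record { ip:, at: }, list item { ip:, comment: }.
def build_items(sign_ins, now:)
  cutoff = now - WINDOW_SECONDS
  latest = {}
  sign_ins.each do |s|
    next if s[:at] < cutoff # stale sign-in: omitted, so the PUT drops it
    addr = begin
      IPAddr.new(s[:ip])
    rescue IPAddr::Error
      next # unparseable value never reaches the allowlist
    end
    # Assumption: non-routable addresses are kept out of a WAF-skip list.
    next if addr.private? || addr.loopback? || addr.link_local?
    key = addr.to_s # canonical text form dedupes IPv6 spellings
    latest[key] = s[:at] if latest[key].nil? || s[:at] > latest[key]
  end
  latest.sort.map do |ip, at|
    { ip: ip, comment: "last sign-in #{at.getutc.strftime('%Y-%m-%d')}" }
  end
end

# What a full replacement changes, given the IPs the list holds now.
def plan_sync(current_ips, items)
  desired = items.map { |i| i[:ip] }
  # Mirrors the worker: an empty set is skipped, so existing entries stay.
  return { action: :skip, added: [], removed: [] } if desired.empty?
  { action: :replace, added: desired - current_ips, removed: current_ips - desired }
end

# Constructed sample data (documentation address ranges).
NOW = Time.utc(2024, 6, 30, 12)
SIGN_INS = [
  { ip: "203.0.113.7",          at: NOW - 3_600 },
  { ip: "2001:DB8::1",          at: NOW - 2 * 86_400 },
  { ip: "2001:db8:0:0:0:0:0:1", at: NOW - 86_400 },      # same address, other spelling
  { ip: "198.51.100.9",         at: NOW - 20 * 86_400 }, # outside the window
  { ip: "10.0.0.5",             at: NOW - 60 },          # private range
  { ip: "not-an-ip",            at: NOW - 60 }           # rejected by IPAddr
].freeze

ITEMS = build_items(SIGN_INS, now: NOW)
p ITEMS
p plan_sync(["198.51.100.9", "203.0.113.7"], ITEMS)
```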