Class: CloudflareIpListSyncWorker
- Inherits: Object
- Includes: Sidekiq::Job
- Defined in: app/workers/cloudflare_ip_list_sync_worker.rb
Overview
Hourly sync of CRM employee sign-in IPs to the Cloudflare $warmlyyours_users IP list.
The "Always Allow WY Users" Cloudflare WAF rule skips security checks for IPs in this
list. Without it, employees outside US/CA (e.g. India via IPv6) hit Super Bot Fight Mode (SBFM) challenges
and managed WAF checks on every CRM page load, causing Turbo Frame navigation stalls.
Uses PUT (full replacement) so stale IPs naturally drop when employees haven't signed
in within 15 days (matching IpDetector's base_scope window).
Runs hourly on the hour via sidekiq-cron, plus on-demand after employee
sign-in via Events::EmployeeSignedIn. Idempotent — safe to re-run.
Instance Method Details
#perform ⇒ Object
# File 'app/workers/cloudflare_ip_list_sync_worker.rb', line 27

def perform
  items = IpDetector.instance.cloudflare_ip_list_items
  if items.empty?
    Rails.logger.warn "[CloudflareIpListSyncWorker] No IPs to sync — skipping"
    return
  end

  service = CloudflareRulesService.instance
  list_id = service.find_list_id_by_name(CloudflareRulesService::WARMLYYOURS_USERS_LIST_NAME)
  result = service.replace_ip_list_items(list_id, items)

  if result.is_a?(Hash) && result[:error]
    # Account-plan limitations (Cloudflare error `10007:
    # entitlements.not_available`) are permanent state — retrying or
    # paging on every hourly run is pure noise (AppSignal #5300).
    # Surface other errors normally so retry + sidekiq_retries_exhausted
    # can do their job.
    if result[:error].to_s.include?('entitlements.not_available')
      Rails.logger.warn "[CloudflareIpListSyncWorker] Cloudflare account lacks the IP-list entitlement; skipping sync (#{result[:error]})"
      return
    end
    raise "Cloudflare IP list sync failed: #{result[:error]}"
  end

  Rails.logger.info "[CloudflareIpListSyncWorker] Synced #{items.size} IPs to $warmlyyours_users (list #{list_id})"
end
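An added example, not the project's code: one way the item set for the full-replacement PUT could be built so that addresses outside the 15-day window drop out and malformed or non-public addresses never reach a list whose members skip WAF checks. `build_allowlist_items`, the sign-in record shape and the `{ ip: ... }` item shape are assumptions; IpDetector's real implementation is not shown on this page.

```ruby
# Added example; names and the record shape are assumptions, not project code.
require 'ipaddr'

WINDOW_SECONDS = 15 * 86_400 # the 15-day window stated in the overview

# Ranges that should never reach a list whose members skip WAF checks.
NON_PUBLIC = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# sign_ins: [{ ip: String, at: Time }] (hypothetical shape).
# Returns [items, rejected]; items is the body for the full-replacement PUT.
def build_allowlist_items(sign_ins, now: Time.now.utc)
  cutoff = now - WINDOW_SECONDS
  items = {}
  rejected = []
  sign_ins.each do |row|
    next if row[:at] < cutoff # stale: left out, so the PUT removes it
    begin
      addr = IPAddr.new(row[:ip].to_s.strip)
    rescue IPAddr::Error
      rejected << [row[:ip], :malformed]
      next
    end
    if NON_PUBLIC.any? { |net| net.include?(addr) }
      rejected << [row[:ip], :non_public]
      next
    end
    # IPAddr#to_s is canonical, so two spellings of one IPv6 address dedupe.
    items[addr.to_s] ||= { ip: addr.to_s }
  end
  [items.values, rejected]
end

# Constructed sample data (documentation ranges), not real sign-ins.
NOW = Time.utc(2024, 6, 30, 12)
SAMPLE = [
  { ip: '203.0.113.7',          at: NOW - 86_400 },
  { ip: '203.0.113.7',          at: NOW - 2 * 86_400 },  # duplicate
  { ip: '198.51.100.20',        at: NOW - 20 * 86_400 }, # outside window
  { ip: '2001:DB8::1',          at: NOW - 3600 },
  { ip: '2001:db8:0:0:0:0:0:1', at: NOW - 7200 },        # same address
  { ip: '10.1.2.3',             at: NOW - 60 },          # RFC 1918
  { ip: 'not-an-ip',            at: NOW - 60 }
].freeze

items, rejected = build_allowlist_items(SAMPLE, now: NOW)
puts "PUT #{items.size} items, rejected #{rejected.inspect}"
```

Logging the rejected entries gives a record of anything that tried to enter the skip list with an address that should never appear in sign-in data.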