Skip to content

Commit 17ccd4b

Browse files
hotfix for #217
1 parent 0f7a482 commit 17ccd4b

3 files changed

Lines changed: 38 additions & 14 deletions

File tree

CHANGELOG.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

88
---
9-
## [v3.0.2] - 2025-09-27
9+
10+
## [v3.0.1] (Hotfixes) - 2025-09-27
1011

1112
### Fixed
12-
- **IP Whitelist Access Policies:** Corrected an issue where IP-based access policies were not working as expected. The system now correctly creates a `bypass` rule for IP whitelists and a separate `allow` rule for email-based authentication, ensuring whitelisted IPs can access services without an additional authentication step. (raised by @durzo #216)
13+
- **IP Whitelist Access Policies:** Corrected an issue where IP-based access policies were not working as expected. DockFlare now correctly creates a `bypass` rule for IP whitelists and a separate `allow` rule for email-based authentication, ensuring whitelisted IPs can access services without an additional authentication step.
14+
- **Access Policy Updates:** Fixed a bug where updating an existing ingress rule's Access Policy would fail with an "application already exists" error. DockFlare now correctly updates the existing Cloudflare Access application instead of trying to create a new one.
15+
- **API Error Logging:** Reduced the severity of the log message for a `403 Forbidden` error when fetching a user's email. This is an expected and non-critical error when using a scoped API token.
16+
(raised by @durzo issue tracker #216 #217)
1317

1418
---
1519
## [v3.0.1] - 2025-09-26

dockflare/app/core/access_manager.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,10 @@ def get_cloudflare_account_email():
9090
logging.warning(f"Failed to fetch Cloudflare account email, API call unsuccessful. Response: {response_data}")
9191
return None
9292
except requests.exceptions.RequestException as e:
93-
logging.error(f"API error fetching Cloudflare account email: {e}")
93+
if hasattr(e, 'response') and e.response is not None and e.response.status_code == 403:
94+
logging.info("Could not fetch Cloudflare account email due to permissions. This is expected if using a scoped API token without User.Read permissions. The TLD policy feature will be disabled.")
95+
else:
96+
logging.error(f"API error fetching Cloudflare account email: {e}")
9497
return None
9598
except Exception as e:
9699
logging.error(f"Unexpected error fetching Cloudflare account email: {e}", exc_info=True)

dockflare/app/web/routes.py

Lines changed: 28 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1296,14 +1296,23 @@ def ui_add_manual_rule_route():
12961296
]
12971297
cf_access_policies.append({"name": "UI Deny Fallback", "decision": "deny", "include": [{"everyone": {}}]})
12981298

1299-
app_result = create_cloudflare_access_application(
1300-
full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1301-
)
1302-
if app_result:
1303-
access_app_id = app_result.get('id')
1304-
access_policy_type = manual_access_policy_type
1305-
else:
1306-
cloudflared_agent_state["last_action_status"] = "Error: Failed to create Access App for manual policy."
1299+
if cf_access_policies:
1300+
app_result = None
1301+
existing_app = find_cloudflare_access_application_by_hostname(full_hostname)
1302+
if existing_app:
1303+
app_result = update_cloudflare_access_application(
1304+
existing_app['id'], full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1305+
)
1306+
else:
1307+
app_result = create_cloudflare_access_application(
1308+
full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1309+
)
1310+
1311+
if app_result:
1312+
access_app_id = app_result.get('id')
1313+
access_policy_type = manual_access_policy_type
1314+
else:
1315+
cloudflared_agent_state["last_action_status"] = "Error: Failed to create/update Access App for manual policy."
13071316

13081317
with state_lock:
13091318
existing_rule = managed_rules.get(key_for_managed_rules)
@@ -1524,9 +1533,17 @@ def ui_edit_manual_rule_route():
15241533
{"name": "UI Deny Fallback", "decision": "deny", "include": [{"everyone": {}}]}
15251534
]
15261535
if cf_access_policies:
1527-
app_result = create_cloudflare_access_application(
1528-
full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1529-
)
1536+
app_result = None
1537+
existing_app = find_cloudflare_access_application_by_hostname(full_hostname)
1538+
if existing_app:
1539+
app_result = update_cloudflare_access_application(
1540+
existing_app['id'], full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1541+
)
1542+
else:
1543+
app_result = create_cloudflare_access_application(
1544+
full_hostname, f"DockFlare-{full_hostname}", "24h", False, [full_hostname], cf_access_policies, None, False
1545+
)
1546+
15301547
if app_result:
15311548
access_app_id = app_result.get('id')
15321549
access_policy_type = manual_access_policy_type

0 commit comments

Comments
 (0)