feat(zone_manager.rs): implement pagination for Cloudflare zone retrieval to handle large zone lists

refactor(zone_manager.rs): use async RwLock for ZONE_CACHE to improve concurrency
fix(zone_manager.rs): correct find_best_match_from_cache to be async for consistency
chore(.sh): add new repomix command for Dockerfile and fail2ban to streamline build process
fix(jail.local): standardize bantime to 1h for all fail2ban rules for consistency and clarity
perf(jail.local): increase maxretry for nginx-request-flood to reduce false positives

Author: ErcinDedeoglu

.sh

@@ -32,6 +32,11 @@ repomix --no-file-summary --no-security-check \
   --include "src/Dockerfile,src/docker_scripts/**,src/webserver/nginx/nginx.conf,src/fail2ban/**" \
   --output "repopack.yml"
 
+# dockerfile + fail2ban
+repomix --no-file-summary --no-security-check \
+  --include "src/Dockerfile,src/docker_scripts/**,src/fail2ban/**" \
+  --output "repopack.yml"
+
 docker build -t dublok/proxma:latest -f src/Dockerfile .
 docker buildx build --platform linux/amd64,linux/arm64 -t dublok/proxma:latest -f src/Dockerfile .
 docker run -it --rm --name proxma -v /var/run/docker.sock:/var/run/docker.sock dublok/proxma:latest

src/dns/zone_manager.rs

@@ -2,12 +2,14 @@ use cloudflare::framework::client::async_api::Client as HttpApiClientAsync;
 use cloudflare::framework::{Environment, response::ApiFailure};
 use cloudflare::endpoints::zones::zone::{ListZones, ListZonesParams};
 use lazy_static::lazy_static;
+use tokio::sync::RwLockWriteGuard;
 use std::collections::HashMap;
-use std::sync::RwLock;
+use tokio::sync::RwLock;
 use super::auth_manager::AuthManager;
+use std::sync::Arc;
 
 lazy_static! {
-    static ref ZONE_CACHE: RwLock<HashMap<String, String>> = RwLock::new(HashMap::new());
+    static ref ZONE_CACHE: Arc<RwLock<HashMap<String, String>>> = Arc::new(RwLock::new(HashMap::new()));
 }
 
 pub struct ZoneManager {}
@@ -24,41 +26,69 @@ impl ZoneManager {
         api_token: Option<String>,
     ) -> Result<(), String> {
         let credentials = AuthManager::get_credentials(email, api_key, api_token)?;
-        
-        // Corrected client instantiation
+    
         let client = HttpApiClientAsync::new(
             credentials,
             Default::default(),
             Environment::Production,
-        ).map_err(|e| format!("Cloudflare API client creation failed: {:?}", e))?;
-        
-        let endpoint = ListZones {
-            params: ListZonesParams::default(),
-        };
-        
+        )
+        .map_err(|e| format!("Cloudflare API client creation failed: {:?}", e))?;
+    
+        let mut page = 1;
+        let per_page = 50;
+        let mut fetched_all = false;
+    
+        {
+            let mut cache: RwLockWriteGuard<'_, HashMap<String, String>> = ZONE_CACHE.write().await;
+            cache.clear();
+        }
+    
         println!("# Retrieving zones from Cloudflare API...");
-        
-        // Make the async request using the correct client & endpoints
-        match client.request(&endpoint).await {
-            Ok(api_success) => {
-                let zones = api_success.result;
-                let mut cache = ZONE_CACHE.write().map_err(|e| format!("Cache write lock error: {}", e))?;
-                cache.clear();
-                for zone in &zones {
-                    println!("# Zone found: {} ({})", zone.name, zone.id);
-                    cache.insert(zone.name.clone(), zone.id.clone());
+        while !fetched_all {
+            let params = ListZonesParams {
+                page: Some(page),
+                per_page: Some(per_page),
+                ..Default::default()
+            };
+            let endpoint = ListZones { params };
+    
+            match client.request(&endpoint).await {
+                Ok(api_success) => {
+                    let zones = api_success.result;
+    
+                    {
+                        let mut cache = ZONE_CACHE.write().await;
+                        for zone in &zones {
+                            println!("# Zone found: {} ({})", zone.name, zone.id);
+                            cache.insert(zone.name.clone(), zone.id.clone());
+                        }
+                    }
+    
+                    if let Some(result_info) = api_success.result_info {
+                        if let Some(total_pages) = result_info.get("total_pages").and_then(|v| v.as_u64()) {
+                            if page >= total_pages as u32 {
+                                fetched_all = true;
+                            } else {
+                                page += 1;
+                            }
+                        } else {
+                            fetched_all = true;
+                        }
+                    } else {
+                        fetched_all = true;
+                    }
+                }
+                Err(ApiFailure::Error(status, errors)) => {
+                    println!("# Cloudflare API returned error (HTTP {}): {:?}", status, errors);
+                    return Err(format!("Cloudflare API error ({}): {:?}", status, errors));
+                }
+                Err(ApiFailure::Invalid(e)) => {
+                    println!("# HTTP request failure: {:?}", e);
+                    return Err(format!("Cloudflare HTTP request failed: {}", e));
                 }
-                Ok(())
-            }
-            Err(ApiFailure::Error(status, errors)) => {
-                println!("# Cloudflare API returned error (HTTP {}): {:?}", status, errors);
-                Err(format!("Cloudflare API error ({}): {:?}", status, errors))
-            }
-            Err(ApiFailure::Invalid(e)) => {
-                println!("# HTTP request failure: {:?}", e);
-                Err(format!("Cloudflare HTTP request failed: {}", e))
             }
         }
+        Ok(())
     }
 
     pub async fn find_best_matching_zone(
@@ -69,20 +99,20 @@ impl ZoneManager {
         api_token: Option<String>,
     ) -> Result<(Option<String>, Option<String>), String> {
         // Try to find from cache first
-        if let Some((zone_name, zone_id)) = Self::find_best_match_from_cache(hostname) {
+        if let Some((zone_name, zone_id)) = Self::find_best_match_from_cache(hostname).await {
             return Ok((Some(zone_name), Some(zone_id)));
         }
 
         // If not found in cache, refresh zones and try again
         self.refresh_zones(email, api_key, api_token).await?;
 
         // Return the best match after refresh
-        Ok(Self::find_best_match_from_cache(hostname).map(|(name, id)| (Some(name), Some(id))).unwrap_or((None, None)))
+        Ok(Self::find_best_match_from_cache(hostname).await.map(|(name, id)| (Some(name), Some(id))).unwrap_or((None, None)))
     }
 
     /// Helper method to find the best matching zone from the cache
-    fn find_best_match_from_cache(hostname: &str) -> Option<(String, String)> {
-        let cache = ZONE_CACHE.read().ok()?;
+    async fn find_best_match_from_cache(hostname: &str) -> Option<(String, String)> {
+        let cache = ZONE_CACHE.read().await;
 
         // Find all zone names that are part of the hostname (domain matching)
         // A proper match is when the hostname ends with the zone name,

src/fail2ban/jail.local

@@ -22,6 +22,7 @@ enabled = false
 enabled = true
 filter = nginx-http-auth
 logpath = /var/proxma/logs/nginx_access.log
+bantime = 1h
 port = http,https
 
 [nginx-http-auth-proxma]
@@ -30,19 +31,22 @@ filter = nginx-http-auth-proxma
 logpath = /var/proxma/logs/nginx_access.log
 findtime = 1m
 maxretry = 3
+bantime = 1h
 port = http,https
 banaction = nginx-deny
 
 [nginx-bad-request]
 enabled = true
 filter = nginx-bad-request
 logpath = /var/proxma/logs/nginx_access.log
+bantime = 1h
 port = http,https
 
 [nginx-botsearch]
 enabled = true
 filter = nginx-botsearch
 logpath = /var/proxma/logs/nginx_access.log
+bantime = 1h
 port = http,https
 
 [nginx-probing]
@@ -51,13 +55,14 @@ filter = nginx-probing
 logpath = /var/proxma/logs/nginx_access.log
 findtime = 2m
 maxretry = 5
+bantime = 1h
 port = http,https
 
 [nginx-request-flood]
 enabled = true
 filter = nginx-request-flood
 logpath = /var/proxma/logs/nginx_access.log
-findtime = 60
-maxretry = 100
-bantime = 3600
+findtime = 60s
+maxretry = 500
+bantime = 1h
 port = http,https