Suggestion for implementation

hhvrc · hhvrc · commit f61437bc4431 · 2026-03-31T14:50:13.000+02:00
diff --git a/.github/workflows/update-cloudflare-proxies.yml b/.github/workflows/update-cloudflare-proxies.yml
@@ -5,9 +5,6 @@ on:
     - cron: '0 0 1 * *' # runs at 00:00 UTC on the 1st day of every month
   workflow_dispatch:
 
-env:
-  IP_MERGED_FILE: Common/cloudflare-ips.txt
-
 jobs:
   update-proxies:
     runs-on: ubuntu-latest
@@ -17,23 +14,16 @@ jobs:
         with:
           ref: ${{ github.ref }}
 
-      - name: Fetch Cloudflare IPs and Update Files
-        env:
-          IPV4_URL: https://www.cloudflare.com/ips-v4
-          IPV6_URL: https://www.cloudflare.com/ips-v6
-        run: |
-          set -euo pipefail
+      - uses: actions/setup-dotnet@v4
 
-          echo "Fetching Cloudflare IP lists and merging"
-          curl -s $IPV4_URL > $IP_MERGED_FILE
-          echo "" >> $IP_MERGED_FILE
-          curl -s $IPV6_URL >> $IP_MERGED_FILE
+      - name: Build to regenerate Cloudflare IPs
+        run: dotnet build Common/Common.csproj
 
       - name: Commit and Push Changes
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
-          git add ${{ env.IP_MERGED_FILE }}
+          git add Common/Utils/CloudflareNetworks.g.cs
 
           if git diff --cached --quiet; then
             echo "No changes detected."
diff --git a/Common/Common.csproj b/Common/Common.csproj
@@ -35,12 +35,51 @@
     <PackageReference Include="Z.EntityFramework.Plus.EFCore" />
   </ItemGroup>
 
-  <!-- Files to copy -->
-  <ItemGroup>
-    <EmbeddedResource Include="cloudflare-ips.txt">
-      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-    </EmbeddedResource>
-  </ItemGroup>
+  <!-- Fetch Cloudflare IPs at build time and generate C# source -->
+  <UsingTask TaskName="GenerateCloudflareIPsSource" TaskFactory="RoslynCodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)/Microsoft.Build.Tasks.Core.dll">
+    <ParameterGroup>
+      <IPv4File ParameterType="System.String" Required="true" />
+      <IPv6File ParameterType="System.String" Required="true" />
+      <OutputFile ParameterType="System.String" Required="true" />
+    </ParameterGroup>
+    <Task>
+      <Code Type="Fragment" Language="cs"><![CDATA[
+        var lines = new List<string>();
+        lines.AddRange(File.ReadAllLines(IPv4File).Where(l => !string.IsNullOrWhiteSpace(l)));
+        lines.AddRange(File.ReadAllLines(IPv6File).Where(l => !string.IsNullOrWhiteSpace(l)));
+
+        var sb = new System.Text.StringBuilder();
+        sb.AppendLine("// <auto-generated/>");
+        sb.AppendLine("using System.Net;");
+        sb.AppendLine();
+        sb.AppendLine("namespace OpenShock.Common.Utils;");
+        sb.AppendLine();
+        sb.AppendLine("public static partial class TrustedProxiesFetcher");
+        sb.AppendLine("{");
+        sb.AppendLine("    private static readonly IPNetwork[] CloudflareNetworks =");
+        sb.AppendLine("    [");
+        foreach (var line in lines)
+            sb.AppendLine($"        IPNetwork.Parse(\"{line.Trim()}\"),");
+        sb.AppendLine("    ];");
+        sb.AppendLine("}");
+
+        File.WriteAllText(OutputFile, sb.ToString());
+      ]]></Code>
+    </Task>
+  </UsingTask>
+
+  <Target Name="FetchCloudflareIPs" BeforeTargets="PrepareForBuild">
+    <MakeDir Directories="$(IntermediateOutputPath)" />
+    <DownloadFile SourceUrl="https://www.cloudflare.com/ips-v4"
+                  DestinationFolder="$(IntermediateOutputPath)"
+                  DestinationFileName="cf-v4.txt" />
+    <DownloadFile SourceUrl="https://www.cloudflare.com/ips-v6"
+                  DestinationFolder="$(IntermediateOutputPath)"
+                  DestinationFileName="cf-v6.txt" />
+    <GenerateCloudflareIPsSource IPv4File="$(IntermediateOutputPath)cf-v4.txt"
+                                 IPv6File="$(IntermediateOutputPath)cf-v6.txt"
+                                 OutputFile="$(MSBuildProjectDirectory)/Utils/CloudflareNetworks.g.cs" />
+  </Target>
 
   <!-- Capture git commit only if we're in a git repo; pipe output back to MSBuild -->
   <Target Name="SetSourceRevisionId" BeforeTargets="InitializeSourceControlInformation">
diff --git a/Common/Utils/CloudflareNetworks.g.cs b/Common/Utils/CloudflareNetworks.g.cs
@@ -0,0 +1,33 @@
+// <auto-generated/>
+using System.Net;
+
+namespace OpenShock.Common.Utils;
+
+public static partial class TrustedProxiesFetcher
+{
+    private static readonly IPNetwork[] CloudflareNetworks =
+    [
+        IPNetwork.Parse("173.245.48.0/20"),
+        IPNetwork.Parse("103.21.244.0/22"),
+        IPNetwork.Parse("103.22.200.0/22"),
+        IPNetwork.Parse("103.31.4.0/22"),
+        IPNetwork.Parse("141.101.64.0/18"),
+        IPNetwork.Parse("108.162.192.0/18"),
+        IPNetwork.Parse("190.93.240.0/20"),
+        IPNetwork.Parse("188.114.96.0/20"),
+        IPNetwork.Parse("197.234.240.0/22"),
+        IPNetwork.Parse("198.41.128.0/17"),
+        IPNetwork.Parse("162.158.0.0/15"),
+        IPNetwork.Parse("104.16.0.0/13"),
+        IPNetwork.Parse("104.24.0.0/14"),
+        IPNetwork.Parse("172.64.0.0/13"),
+        IPNetwork.Parse("131.0.72.0/22"),
+        IPNetwork.Parse("2400:cb00::/32"),
+        IPNetwork.Parse("2606:4700::/32"),
+        IPNetwork.Parse("2803:f800::/32"),
+        IPNetwork.Parse("2405:b500::/32"),
+        IPNetwork.Parse("2405:8100::/32"),
+        IPNetwork.Parse("2a06:98c0::/29"),
+        IPNetwork.Parse("2c0f:f248::/32"),
+    ];
+}
diff --git a/Common/Utils/TrustedProxiesFetcher.cs b/Common/Utils/TrustedProxiesFetcher.cs
@@ -2,7 +2,7 @@
 
 namespace OpenShock.Common.Utils;
 
-public static class TrustedProxiesFetcher
+public static partial class TrustedProxiesFetcher
 {
     private static readonly HttpClient Client = new();
 
@@ -77,14 +77,7 @@ public static async Task<IPNetwork[]> GetTrustedNetworksAsync(bool fetch = true)
             cfProxies = await FetchCloudflareIPs();
         }
 
-        if (cfProxies is null)
-        {
-            var assembly = typeof(TrustedProxiesFetcher).Assembly;
-            var resourceName = assembly.GetName().Name + ".cloudflare-ips.txt";
-            await using var stream = assembly.GetManifestResourceStream(resourceName) ?? throw new NullReferenceException("Could not open embedded cloudflare-ips.txt file");
-            using var reader = new StreamReader(stream);
-            cfProxies = ParseNetworks(await reader.ReadToEndAsync());
-        }
+        cfProxies ??= CloudflareNetworks;
 
         return [.. PrivateNetworksParsed, .. cfProxies];
     }
diff --git a/Common/cloudflare-ips.txt b/Common/cloudflare-ips.txt

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	`namespace OpenShock.Common.Utils;`
`4`	`4`
`5`		`-public static class TrustedProxiesFetcher`
	`5`	`+public static partial class TrustedProxiesFetcher`
`6`	`6`	`{`
`7`	`7`	`private static readonly HttpClient Client = new();`
`8`	`8`
`@@ -77,14 +77,7 @@ public static async Task<IPNetwork[]> GetTrustedNetworksAsync(bool fetch = true)`
`77`	`77`	`cfProxies = await FetchCloudflareIPs();`
`78`	`78`	`}`
`79`	`79`
`80`		`- if (cfProxies is null)`
`81`		`- {`
`82`		`- var assembly = typeof(TrustedProxiesFetcher).Assembly;`
`83`		`- var resourceName = assembly.GetName().Name + ".cloudflare-ips.txt";`
`84`		`- await using var stream = assembly.GetManifestResourceStream(resourceName) ?? throw new NullReferenceException("Could not open embedded cloudflare-ips.txt file");`
`85`		`- using var reader = new StreamReader(stream);`
`86`		`- cfProxies = ParseNetworks(await reader.ReadToEndAsync());`
`87`		`- }`
	`80`	`+ cfProxies ??= CloudflareNetworks;`
`88`	`81`
`89`	`82`	`return [.. PrivateNetworksParsed, .. cfProxies];`
`90`	`83`	`}`