mrrfv/cloudflare-gateway-pihole-scripts

Cannot create CGPS List...Please help

docj1 opened this issue · 3 comments

docj1 commented

I have used the API from cloud flare and ID as suggested in the instructions. I am not sure why I am getting this error.

Sorry, i am a new to this so any help will be appreciated.

Command #6: node cf_list_create.js

Processing allowlist.txt
Processing blocklist.txt

Number of processed domains: 372720
Number of duplicate domains: 95783
Number of unnecessary domains: 87507
Number of allowed domains: 189
Number of blocked domains: 189241
Number of lists to be created: 190

Creating 190 lists for 189241 domains...
An error occured while making a web request: "Error: Response not OK", retrying. Attempt 1 of 50.

Could not create "CGPS List - Chunk 1" - Error: HTTP error! Status: 400 - Authentication error - Error: Response not OK
file:///Users/admin/cloudflare-gateway-pihole-scripts/lib/helpers.js:131
throw new Error(HTTP error! Status: ${response.status} - ${ (data && 'errors' in data) ? data.errors[0].message : data } - ${error});
^

Error: HTTP error! Status: 400 - Authentication error - Error: Response not OK
at request (file:///Users/admin/cloudflare-gateway-pihole-scripts/lib/helpers.js:131:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async createZeroTrustListsOneByOne (file:///Users/admin/cloudflare-gateway-pihole-scripts/lib/api.js:48:7)
at async file:///Users/admin/cloudflare-gateway-pihole-scripts/cf_list_create.js:141:5

Node.js v20.15.0

galpt commented

@docj1
I updated my filter yesterday and today just several minutes ago.
Everything still works and this issue didn't happen.
You probably forgot to configure the .env file when this happened.

Screenshot 2024-07-08 095612

To run it on your own computer, just follow the step by step, it's straightforward.

Screenshot 2024-07-08 100126

  • 👍1
docj1 commented

@galpt thank you for the reply. I am not sure why it wasn't working before. but i went and created a blank list on cloudflare first and then tried authenticating that list which worked. Some how it started working afterwards. Also, does it matter which device. I did set it up in mac.

I have few more questions. @mrrfv

  1. if how do i make children account to use that global api to reduce security risk. (is it just add user with different email address?, if so then when i update with subsequent run it will be able to edit the CGPS lists as they would have access to edit those correct?
  2. i created a second list to block few domains for my test iphone. Currently, the DNS is blocking both CGPS and my additional list on both device connected to Cloudflare DNS. I tried to google but haven't been able to find proper directions.
  3. Do i set up anything extra to automate the update the scripts or it's already included in the steps about?
galpt commented

@docj1
I mean.. if it's your first time running this repo locally (on your computer) then you need to run the step (5) first, looking from my previous answer.
If it's not your first time running it, you need to run step (4) and skip the step (5).
There's no need to manually make a list or something like that, since I didn't do that and it just works for me.
I believe what device you're using doesn't matter as long as it supports NodeJS.
I'm using Windows so not sure if that only happens for Mac users.

I'll help answering the additional questions.

For question (1), since you're the one who's using it, there's no real security risk unless you're just that careless uploading your API Keys to a public repo or something.

For question (2), I can't really understand it. Are you asking if Gateway can use separate filters for separate DNS locations?
The answer's probably no, because I did try that a month ago and your filters will be combined for your Gateway, even if you've set up a different DoH.

For question (3), if you have Windows, that'll be easier because I made a batch file to automate the update process.
Since I don't use Mac/Linux, anyone who uses other than Windows can just ask ChatGPT or just google it on how to make such script.

This is the script I made, put it in the same folder like the .env file.

autoupdate-filters.bat

@set @_cmd=1 /*
@echo off
setlocal EnableExtensions
title gateway-updater
color 0e

whoami /groups | findstr "S-1-16-12288" >nul && goto :admin
if "%~1"=="RunAsAdmin" goto :error

echo Requesting privileges elevation for managing the service . . .
cscript /nologo /e:javascript "%~f0" || goto :error
exit /b

:error
echo.
echo Error: Administrator privileges elevation failed,
echo        please manually run this script as administrator.
echo.
goto :end

:admin
pushd "%~dp0"
echo.
echo [INFO] Updating blocklist and allowlist.
echo.
node download_lists.js
echo.

echo [INFO] Deleting lists currently used by Gateway rules.
echo.
node cf_gateway_rule_delete.js
node cf_list_delete.js
echo.

echo [INFO] Pushing latest lists to Gateway rules.
echo.
node cf_list_create.js
node cf_gateway_rule_create.js
echo.

echo [INFO] Finished updating Gateway rules.
popd
echo.

:end
set /p =Press [Enter] to exit . . .
exit /b */

// JScript, restart batch script as administrator
var objShell = WScript.CreateObject('Shell.Application');
var ComSpec = WScript.CreateObject('WScript.Shell').ExpandEnvironmentStrings('%ComSpec%');
objShell.ShellExecute(ComSpec, '/c ""' + WScript.ScriptFullName + '" RunAsAdmin"', '', 'runas', 1);