Cloudflare #Workers possible #CRON #bug ? worker being called tens of times
Hi,
Context
worker script:
- a) not using CLI; but web interface to copy/paste updated script, debug using console
script description
- a) export both fetch and scheduled functions. since the worker could be executed manually by browsing its URL and periodically by cron settings
- b) both functions do exactly the same
- c) the worker flow is this: fetches gmail and gsheets api calls, generates an email-body summarizing some info, and sends JUST ONE EMAIL including that email-body usign sendgrid api
- d) in order to understand when the worker's script was run, an epoch time variable is set at the very beginning and is added to the subject
- e) the subject have 2 possible contents
- f) the script works perfectly
script expected behaviour
- when cron executes the worker, ONLY ONE EMAIL should be received (sendgrid's api is fetch once)
possible bug description, our unexpected CF worker's runtime execution
the reason I highlighted JUST ONE EMAIL is because, for some reason, many times i am receiving several identical emails as shown in the attached screenshot
a second surprising, amazingly unexpected result, is that for the same exact epoch time, i am receiving 2 subjects !! which is absolutely impossible considering that the worker is run once at that specific time, and the subject is set based on IF ELSE
if (emailsData.length > 0) {
subject =
${epochTime} - Real - ꔪ IMPORTANT emails found;
} else {
subject = ${epochTime} - Real - Nothing special;
}
one last comment
A similar script is also deployed to another worker. that worker had set a cron.
but now the corn is gone (i deleted it) - BUT THE WORKER is still being periodically executed.
or something like that... (i know that because i am receiving emails from that worker i did not executed manually)
Well, I really need some light on this. I am probably missing something.
In any case I need your clarification.
Thanks in advance
1 Reply
Hi, thanks for taking time to help.
Here is the basecode.
it exports both fetch & scheduled
both calls start() in order to run the script in both cases: if the worker is called by browsing it or by a cron
an epochTime is registered to identify the worker specific, unique execution
the start method look for an arrays of emails (code deleted for simplification)
depending on the the lenght of the array, a sendgrid api call is done so send an email
only one email is sent by worker execution, assigning the epochTime variable as the subject
for reasons i cand figure out, sometimes i get several emails with the same, identical subject
indicating that the worker was run those many times
(sendgrid inst sending several identical emails)
worker's code attached
//-------
export default {
async fetch(request, env) {
const log = await start("manual", env);
return new Response(log, {
headers: { 'Content-Type': 'text/plain' }
});
},
async scheduled(event, env) {
const log = await start("cron", env);
console.log(log);
}
};
//---------
async function start(log, env) {
const epochTime = Math.floor(Date.now() / 1000);
let emailsData = getEmails();
if (emailsData.length > 0) {
subject =
${epochTime} - ꔪ;
} else {
subject = ${epochTime} - 0;
}
await sendLogByEmail(log, env, subject);
return log;
}
//-----------
async function sendLogByEmail(log, env, subject) {
const apiKey = env.VAR_SG_APIKEY;
const fromEmail = env.VAR_FROM;
const toEmail = env.VAR_TO;
const url = 'https://api.sendgrid.com/v3/mail/send';
const emailData = {
personalizations: [{
to: [{ email: toEmail }],
}],
from: { email: fromEmail },
subject: subject,
content: [{
type: 'text/plain',
value: log,
}],
};
try {
const response = await fetch(url, {
method: 'POST',
headers: {
'Authorization': Bearer ${apiKey},
'Content-Type': 'application/json',
},
body: JSON.stringify(emailData),
});
if (!response.ok) {
throw new Error(${response.status});
}
} catch (error) {
console.error(${error.message});
}
}
which bots ? the worker's URL is not published anywhere. i havent share it with nobody. and i think that is that would be the case, i should be receiving several emails, but with different subject (epochtimes)
thats right; but in this case the worker URL is a subdomain provided by CF. something like: myRareWorker.MyCFUsername.workers.dev
so in order the worker to be knocked, the bots outthere should know this URL, and i cant find out how they could...
where can i check the existance of those certificates ? it would be great if i can search the record for my worker specific URL
something that your approach is missing is that i am keeping track of how the worker was executed
export default {
async fetch(request, env) {
const log = await start("manual", env);
return new Response(log, {
headers: { 'Content-Type': 'text/plain' }
});
},
async scheduled(event, env) {
const log = await start("cron", env);
console.log(log);
}
};
so if the requests were called by bots, i should receive "manual" log, but i am not; instead i am getting "cron" meaning the worker is being called by the internal system of CF workers infrastructure
i started to log the origin-IP and the userAgent. amazingly one userAgent value was:
"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]"
from the IP 205.210.31.169