H-3055: Route prod traffic via Cloudflare; fix client IP identification

[CiaranMn]

🌟 What is the purpose of this PR?

This PR does the following for the production deployment of hosted HASH:

1. Take the client's IP address from the Cloudflare-provided header
2. Allow traffic via Cloudflare only:
   • ensures that the client IP address is correct (at least is the IP that Cloudflare sees it as coming from, which might still not identify a user) and not spoofed by someone going around Cloudflare
   • ensures requests have to go via Cloudflare and thus benefit from DoS protection etc

Pre-Merge Checklist 🚀

🚢 Has this modified a publishable library?

This PR:

• does not modify any publishable blocks or libraries, or modifications do not need publishing

📜 Does this require a change to the docs?

The changes in this PR:

• are internal and do not require a docs change

🕸️ Does this require a change to the Turbo Graph?

The changes in this PR:

• do not affect the execution graph

❓ How to test this?

Testing config
See the output of Terraform plan to confirm that incoming traffic to the load balancer has been limited to only being permitted from Cloudflare IP ranges.

Testing impact

1. Once it merges, check app.hash.ai still works
2. Make a Node API request and check that the logged IP is yours (or a VPN or whatever you expect it to be)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 18.02%. Comparing base (c2c0eff) to head (a584164).
Report is 427 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4735   +/-   ##
=======================================
  Coverage   18.02%   18.02%           
=======================================
  Files         484      484           
  Lines       16248    16248           
  Branches     2485     2485           
=======================================
  Hits         2929     2929           
  Misses      13281    13281           
  Partials       38       38           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Benchmark results

@rust/graph-benches – Integrations

representative_read_multiple_entities

Function	Value	Mean	Flame graphs
entity_by_property	depths: DT=0, PT=2, ET=2, E=2	$$52.9 \mathrm{ms} \pm 274 \mathrm{μs}\left({\color{gray}1.89 \mathrm{\%}}\right) $$	Flame Graph
entity_by_property	depths: DT=2, PT=2, ET=2, E=2	$$57.3 \mathrm{ms} \pm 425 \mathrm{μs}\left({\color{gray}1.92 \mathrm{\%}}\right) $$	Flame Graph
entity_by_property	depths: DT=0, PT=0, ET=0, E=2	$$41.4 \mathrm{ms} \pm 284 \mathrm{μs}\left({\color{gray}-1.044 \mathrm{\%}}\right) $$	Flame Graph
entity_by_property	depths: DT=0, PT=0, ET=2, E=2	$$48.6 \mathrm{ms} \pm 263 \mathrm{μs}\left({\color{gray}2.19 \mathrm{\%}}\right) $$	Flame Graph
entity_by_property	depths: DT=255, PT=255, ET=255, E=255	$$65.2 \mathrm{ms} \pm 442 \mathrm{μs}\left({\color{gray}0.851 \mathrm{\%}}\right) $$	Flame Graph
entity_by_property	depths: DT=0, PT=0, ET=0, E=0	$$37.8 \mathrm{ms} \pm 256 \mathrm{μs}\left({\color{gray}2.20 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=0, PT=2, ET=2, E=2	$$93.7 \mathrm{ms} \pm 665 \mathrm{μs}\left({\color{gray}1.54 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=2, PT=2, ET=2, E=2	$$99.0 \mathrm{ms} \pm 642 \mathrm{μs}\left({\color{gray}3.60 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=0, PT=0, ET=0, E=2	$$78.4 \mathrm{ms} \pm 458 \mathrm{μs}\left({\color{gray}0.400 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=0, PT=0, ET=2, E=2	$$90.1 \mathrm{ms} \pm 252 \mathrm{μs}\left({\color{gray}2.18 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=255, PT=255, ET=255, E=255	$$105 \mathrm{ms} \pm 650 \mathrm{μs}\left({\color{gray}2.34 \mathrm{\%}}\right) $$	Flame Graph
link_by_source_by_property	depths: DT=0, PT=0, ET=0, E=0	$$40.0 \mathrm{ms} \pm 323 \mathrm{μs}\left({\color{gray}-0.539 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity

Function	Value	Mean	Flame graphs
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1	$$17.1 \mathrm{ms} \pm 225 \mathrm{μs}\left({\color{lightgreen}-30.078 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1	$$15.5 \mathrm{ms} \pm 195 \mathrm{μs}\left({\color{gray}-3.512 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1	$$17.3 \mathrm{ms} \pm 261 \mathrm{μs}\left({\color{gray}1.66 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1	$$15.5 \mathrm{ms} \pm 199 \mathrm{μs}\left({\color{lightgreen}-10.536 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1	$$16.1 \mathrm{ms} \pm 215 \mathrm{μs}\left({\color{gray}-1.951 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2	$$17.3 \mathrm{ms} \pm 237 \mathrm{μs}\left({\color{red}7.01 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1	$$18.4 \mathrm{ms} \pm 204 \mathrm{μs}\left({\color{red}12.4 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1	$$16.1 \mathrm{ms} \pm 236 \mathrm{μs}\left({\color{lightgreen}-6.716 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1	$$17.3 \mathrm{ms} \pm 260 \mathrm{μs}\left({\color{red}6.08 \mathrm{\%}}\right) $$	Flame Graph

scaling_read_entity_complete_one_depth

Function	Value	Mean	Flame graphs
entity_by_id	10 entities	$$48.1 \mathrm{ms} \pm 1.84 \mathrm{ms}\left({\color{lightgreen}-6.582 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	25 entities	$$74.2 \mathrm{ms} \pm 391 \mathrm{μs}\left({\color{gray}-1.608 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	50 entities	$$270 \mathrm{ms} \pm 1.80 \mathrm{ms}\left({\color{gray}0.179 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	5 entities	$$24.4 \mathrm{ms} \pm 311 \mathrm{μs}\left({\color{gray}1.54 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1 entities	$$19.6 \mathrm{ms} \pm 110 \mathrm{μs}\left({\color{gray}-0.825 \mathrm{\%}}\right) $$	Flame Graph

scaling_read_entity_complete_zero_depth

Function	Value	Mean	Flame graphs
entity_by_id	10 entities	$$2.08 \mathrm{ms} \pm 11.1 \mathrm{μs}\left({\color{gray}0.813 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	25 entities	$$2.78 \mathrm{ms} \pm 71.4 \mathrm{μs}\left({\color{red}7.00 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	50 entities	$$3.90 \mathrm{ms} \pm 17.6 \mathrm{μs}\left({\color{lightgreen}-8.563 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	5 entities	$$1.89 \mathrm{ms} \pm 7.83 \mathrm{μs}\left({\color{gray}0.593 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1 entities	$$1.85 \mathrm{ms} \pm 8.07 \mathrm{μs}\left({\color{gray}-0.421 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity_type

Function	Value	Mean	Flame graphs
get_entity_type_by_id	Account ID: d4e16033-c281-4cde-aa35-9085bf2e7579	$$1.42 \mathrm{ms} \pm 6.53 \mathrm{μs}\left({\color{gray}0.996 \mathrm{\%}}\right) $$	Flame Graph

scaling_read_entity_linkless

Function	Value	Mean	Flame graphs
entity_by_id	10 entities	$$1.85 \mathrm{ms} \pm 8.86 \mathrm{μs}\left({\color{gray}0.258 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	100 entities	$$2.02 \mathrm{ms} \pm 10.5 \mathrm{μs}\left({\color{gray}-0.699 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1000 entities	$$2.79 \mathrm{ms} \pm 13.5 \mathrm{μs}\left({\color{gray}0.769 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	10000 entities	$$12.8 \mathrm{ms} \pm 137 \mathrm{μs}\left({\color{gray}-0.241 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1 entities	$$1.80 \mathrm{ms} \pm 5.32 \mathrm{μs}\left({\color{gray}-0.981 \mathrm{\%}}\right) $$	Flame Graph