Firefox Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
Robert Micheletto 2f40f5f551 Removes version.json from the .dockerignore file. 2018-06-08 16:21:54 -04:00
db restore db/utils code to pre-debugging format 2018-05-16 09:51:10 -05:00
public HIBP Credit Updates #174 2018-06-08 10:27:21 -05:00
routes Don't stash scan results in session cookie 2018-06-07 17:22:51 +02:00
scripts website logos fix, other template mods 2018-06-06 21:35:59 -05:00
tests Update test-user.js 2018-06-07 10:12:41 -07:00
views HIBP Credit Updates #174 2018-06-08 10:27:21 -05:00
.dockerignore Removes version.json from the .dockerignore file. 2018-06-08 16:21:54 -04:00
.env-dist minus token 2018-06-06 21:50:14 -05:00
.eslintignore Use sequelize for hashset script 2018-03-12 15:08:12 -05:00
.eslintrc.js keep linting test/ files 2018-05-17 11:05:51 -05:00
.gitignore Merge branch 'template-updates' 2018-06-01 06:48:49 -05:00
.htmllintrc Add attr-bans to .htmllintrc 2018-03-12 15:08:11 -05:00
.npmignore fix #24: add Travis and Coveralls 2018-02-09 07:37:47 -06:00
.stylelintrc Rebasing .stylelintrc and fixing errors 2018-06-01 08:00:29 -07:00
.travis.yml Start database interface (#48) 2018-03-05 19:23:53 +05:30
Dockerfile for #55: add Dockerfile for dockerflow 2018-05-31 09:55:32 -05:00
LICENSE Add LICENSE file and update package.json license 2018-06-07 14:49:16 -07:00
README.md setup updates 2018-05-24 13:13:46 -05:00
api.md Add basic info to api.md 2018-02-01 06:56:04 +05:30
app-constants.js for #55: redirect non-dev environments to https 2018-05-31 17:55:19 -05:00
circle.yml Copies version.json asset to CIRCLE_ARTIFACTS 2018-06-08 16:03:32 -04:00
email-utils.js Resolve some ESLint console warnings 2018-05-17 11:04:52 -05:00
hbs-helpers.js update hibp to use real range API 2018-05-22 16:28:06 -05:00
hibp.js website logos fix, other template mods 2018-06-06 21:35:59 -05:00
package-lock.json with spinner + new scan form partial 2018-06-04 14:38:30 -05:00
package.json Add LICENSE file and update package.json license 2018-06-07 14:49:16 -07:00
server.js for #55: disable un-used routes and urls 2018-06-01 13:46:13 -05:00
sha1-utils.js Fix a bunch of ESLint errors 2018-04-18 16:39:05 +02:00

README.md

Breach Alerts

Summary

Firefox Breach Alerts notifies users when their credentials have possibly been leaked or stolen in a data breach. Powered by haveibeenpwned.com.

Context

See the Have I Been Pwned about page for the "what" and "why" of data breach alerts.

This project aims to explore how Firefox - as the user agent - can support this.

See the Breach Alert Product Brief for more background, objectives, and key use cases.

Development

Requirements

Install

  1. Clone and change to the directory:

    git clone https://github.com/mozilla/blurts-server.git
    cd blurts-server
    
  2. Install dependencies:

    npm install
    
  3. Copy the .env-dist file to .env:

    cp .env-dist .env
    

Run

  1. Run the server:

    npm start
    
  2. Visit the test.html page at localhost:6060/test.html

Test Data

To create the test database tables, run the knex migrations:

  • ./node_modules/.bin/knex --knexfile db/knexfile.js migrate:latest

To populate the database with test data, use these scripts in scripts/:

  • node scripts/load-breaches.js loads breaches from HIBP into the database
  • node scripts/add-breached-emails.js adds some breached email records for test[1-3]@test.com users

Both scripts have --help arguments for usage help.

Emails

The included .env-dist sets DEBUG_DUMMY_SMTP=1 which disables emails.

To send emails, you'll need to unset DEBUG_DUMMY_SMTP and supply real SMTP config values for sending email.

You can set and source these via the .env file, or set them directly:

    export DEBUG_DUMMY_SMTP=
    export SMTP_HOST=<your-smtp-host>
    export SMTP_PORT=<your-smtp-port>
    export SMTP_USERNAME=<your-username>
    export SMTP_PASSWORD=<your-password>

Firefox Accounts

To use Firefox Accounts, you'll need to create an FxA Oauth Client and then set some OAUTH config values.

You can set and source these via the .env file, or set them directly:

    OAUTH_CLIENT_ID=<your-fxa-oauth-client-id>
    OAUTH_CLIENT_SECRET=<your-fxa-oauth-client-secret>
    OAUTH_AUTHORIZATION_URI="https://oauth-stable.dev.lcip.org/v1/authorization"
    OAUTH_PROFILE_URI="https://stable.dev.lcip.org/profile/v1/profile"
    OAUTH_TOKEN_URI="https://oauth-stable.dev.lcip.org/v1/token"

Breach Hashsets

Downloading HIBP breach hashsets requires an enterprise subscriber API token from HIBP, which you will have to get manually. Please ask a project admin if you need one. To download the hashsets, set a HIBP_API_TOKEN environment variable. You can set and source it via the .env file, or set it directly:

    export HIBP_API_TOKEN="<HIBP-API-TOKEN>"

With the HIBP_API_TOKEN set, run the get-hashsets.js script:

    node scripts/get-hashsets.js

This will download the .zip files into the breach_hashsets/ directory.

Testing

Lint

After installing the dependencies, you can lint the code by calling:

    npm run lint

Deployment

blurts is designed with the 12-factor methodology.

Deploy on Heroku

You will need to set required environment variables on Heroku.

    heroku config:set COOKIE_SECRET=unsafe-cookie-secret-for-heroku
    heroku config:set DEBUG_DUMMY_SMTP=1
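
A pre-deploy check for the environment settings described in this README, added here as an example and not part of the blurts-server repository. The function names (`gen_secret`, `env_value`, `check_env_file`) and the 32-character minimum for COOKIE_SECRET are assumptions of this example; the variable names are the ones the README uses.

```shell
# Added example: pre-deploy check for the settings this README introduces.
# Function names and the 32-character minimum are assumptions of this example.

# Print 64 random hex characters, usable as a COOKIE_SECRET value.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# Print the value of key $2 in .env-style file $1 ("export " and quotes stripped).
env_value() {
    sed -n "s/^\(export \)\{0,1\}$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one line per finding; return 0 when the file is clean, 1 otherwise.
check_env_file() {
    file=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    secret=$(env_value "$file" COOKIE_SECRET)
    case $secret in
        "")       flag "COOKIE_SECRET is not set" ;;
        *unsafe*) flag "COOKIE_SECRET looks like the README sample value" ;;
        *)        [ "${#secret}" -ge 32 ] || flag "COOKIE_SECRET is under 32 characters" ;;
    esac
    # Template placeholders such as <your-password> must not reach a real config.
    if grep -q '=.*<[^>]*>' "$file"; then
        flag "template placeholder (<...>) left in a value"
    fi
    # With dummy SMTP switched off, all four SMTP_* values are needed to send mail.
    if [ -z "$(env_value "$file" DEBUG_DUMMY_SMTP)" ]; then
        for key in SMTP_HOST SMTP_PORT SMTP_USERNAME SMTP_PASSWORD; do
            [ -n "$(env_value "$file" "$key")" ] || flag "$key missing while DEBUG_DUMMY_SMTP is unset"
        done
    fi
    # The OAuth endpoints carry the client secret and tokens, so require https.
    for key in OAUTH_AUTHORIZATION_URI OAUTH_PROFILE_URI OAUTH_TOKEN_URI; do
        uri=$(env_value "$file" "$key")
        case $uri in ""|https://*) ;; *) flag "$key is not https" ;; esac
    done
    [ "$findings" -eq 0 ]
}

# Demo on a constructed config that reuses the README's Heroku sample values.
demo=$(mktemp)
printf 'COOKIE_SECRET=unsafe-cookie-secret-for-heroku\nDEBUG_DUMMY_SMTP=1\n' > "$demo"
check_env_file "$demo" || echo "replace COOKIE_SECRET with: $(gen_secret)"
rm -f "$demo"
```

The value printed by `gen_secret` can be passed to `heroku config:set COOKIE_SECRET=...` in place of the sample string.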