Firefox Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
عمر 75c48c6ed2 Pontoon: Update Urdu (ur) localization of Firefox Monitor Website
Co-authored-by: عمر <um.qshi@gmail.com>
2021-06-26 09:07:58 +00:00
.circleci Changes Circle Configuration to use `main` branch. 2021-01-19 11:21:08 -05:00
__mocks__ fix #1064: mock sns-validator during tests 2019-07-11 10:26:46 -05:00
controllers remove data waitlist page experiment 2021-03-31 09:21:32 -05:00
db add_signup_language_index migration 2020-08-10 14:51:42 -05:00
docs Revert "Merge pull request #1797 from mozilla/1789-join-the-party-experiment" 2020-08-26 12:15:32 -05:00
lib fix #1426: handle HTTPError during getProfileData 2020-01-06 14:08:21 -06:00
locales Pontoon: Update Urdu (ur) localization of Firefox Monitor Website 2021-06-26 09:07:58 +00:00
public Fix #2199 - Add logos for MobiFriends, TeeSpring and YoteprestoCom 2021-06-25 12:37:55 -07:00
routes remove data waitlist page experiment 2021-03-31 09:21:32 -05:00
scripts fix #2117: match code to new Firefox alert policy 2021-05-05 13:29:25 -05:00
template-helpers Update twofactorauth.org link to 2fa.directory (fixes #2104) 2021-05-30 03:41:57 +09:00
tests loosen up integration test look-alike ranges 2021-06-22 10:15:06 -05:00
views Fix #2193 - Add new pricing copy to the VPN promo banner 2021-06-24 12:44:34 -05:00
.dockerignore Removes version.json from the .dockerignore file. 2018-06-08 16:21:54 -04:00
.env-dist update .env-dist and README to use FXA stage 2021-02-23 15:56:29 -06:00
.eslintignore Credit sources and eslintignore polyfills 2018-09-24 22:12:42 -05:00
.eslintrc.js Update dependency eslint to v7 (#1852) 2020-08-04 11:38:54 -07:00
.gitignore fix #1148: redis sessions; add MAX_NUMBER_ADDRESSES 2020-09-01 11:44:50 -05:00
.htmllintrc Add attr-bans to .htmllintrc 2018-03-08 11:22:13 -06:00
.npmignore fix #24: add Travis and Coveralls 2018-02-09 07:37:47 -06:00
.npmrc add npmrc to strictly enforce node engine before install 2020-11-05 15:53:26 -06:00
.stylelintrc Ignore "selector-type-no-unknown" rule. 2019-09-27 15:31:13 -05:00
.travis.yml Reformatted YAML 2020-04-22 14:23:22 -05:00
CODE_OF_CONDUCT.md Add Mozilla Code of Conduct file 2019-03-30 00:10:15 -07:00
Dockerfile Initial commit adding integration tests. (#1557) 2020-04-03 14:48:07 -05:00
LICENSE Add LICENSE file and update package.json license 2018-06-07 14:49:16 -07:00
README.md add curl command for breach alert email to README 2021-06-02 12:48:08 -05:00
app-constants.js RECRUITMENT_BANNER_* for a site-wide recruitment banner 2020-10-06 17:12:12 -05:00
basket.js for #669: check db array and catch basket error 2019-01-02 11:16:21 -06:00
email-utils.js Fixed #1552 - Reordered token param to be at the end of the verification URL. 2020-05-04 21:49:53 -05:00
hibp.js fix #1723: check old breach names for featured breach 2020-06-03 11:58:47 -05:00
l10n.toml Update l10n linter to moz-l10n-lint 2019-05-09 15:20:06 -07:00
locale-utils.js Remove unused const 2020-07-02 13:57:29 -07:00
log.js for #55: MOZLOG_FMT for formatting 2018-09-21 13:41:29 -05:00
middleware.js fix #2123: don't redirect /oauth/confirmed 2021-06-21 16:15:59 -05:00
package-lock.json Bump trim-newlines from 3.0.0 to 3.0.1 2021-06-08 08:16:11 +00:00
package.json update some dev linting dependencies 2021-05-27 12:52:40 -05:00
renovate.json Configure Renovate (#1694) 2020-05-22 15:29:21 -05:00
scan-results.js Revert "Merge pull request #1797 from mozilla/1789-join-the-party-experiment" 2020-08-26 12:15:32 -05:00
server.js update helmet usage 2020-11-05 15:00:44 -06:00
sha1-utils.js Fix a bunch of ESLint errors 2018-04-18 16:39:05 +02:00

README.md

Firefox Monitor Server

Summary

Firefox Monitor notifies users when their credentials have been compromised in a data breach.

This code is for the monitor.firefox.com service & website.

Breach data is powered by haveibeenpwned.com.

See the Have I Been Pwned about page for the "what" and "why" of data breach alerts.

Development

Requirements

Install

  1. Clone and change to the directory:

    git clone https://github.com/mozilla/blurts-server.git
    cd blurts-server
    
  2. Install dependencies:

    npm install
    
  3. Copy the .env-dist file to .env:

    cp .env-dist .env
    

Run

  1. Run the server:

    npm start
    

Note: npm start uses onchange and nodemon to automatically detect file changes, re-compile static assets, and restart the express process. If you want more control, see the scripts section of package.json for more commands.

  2. Navigate to localhost:6060/

Database

To create the database tables ...

  1. Create the blurts database:

    createdb blurts
    createdb test-blurts # for tests
    
  2. Update the DATABASE_URL value in your .env file with your local db credentials:

    DATABASE_URL="postgres://<username>@localhost:<port>/blurts"
    
  3. Run the migrations:

    npm run db:migrate
    

Emails

The included .env-dist sets DEBUG_DUMMY_SMTP=1 which disables emails.

To send emails, you'll need to unset DEBUG_DUMMY_SMTP and supply real SMTP config values for sending email.

You can set and source these via the .env file, or set them directly:

export DEBUG_DUMMY_SMTP=
export SMTP_HOST=<your-smtp-host>
export SMTP_PORT=<your-smtp-port>
export SMTP_USERNAME=<your-username>
export SMTP_PASSWORD=<your-password>

Trigger a breach alert email

To trigger a breach alert email, make a POST /hibp/notify request with:

  • An Authorization: Bearer header whose token value matches HIBP_NOTIFY_TOKEN
  • A Content-Type: application/json header
  • A JSON body with breachName, hashPrefix, and hashSuffixes values
    • breachName - string of a breach name in Monitor
    • hashPrefix - string of first 6 chars of a subscriber's primary_sha1
    • hashSuffixes - array of strings of the remaining chars of the sha1 hash

E.g., a localhost curl command that triggers a breach alert email for the Adobe breach to the localmonitor20200827@mailinator.com subscriber:

curl -v -H "Authorization: Bearer unsafe-default-token-for-dev" -H "Content-Type: application/json" -d '{"breachName": "Adobe", "hashPrefix": "365050", "hashSuffixes": ["53cbb89874fc738c0512daf12bc4d91765"]}' http://localhost:6060/hibp/notify
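
The request shape described above, from both ends, as an added example (not code from the Monitor repository): it builds the headers and body for one address and runs the checks a receiver would want before acting on a notification. It assumes the body field is named hashSuffixes as in the curl command, that addresses are lowercased before hashing, and that 401 and 400 are the rejection codes; matchSubscribers and the other function names are hypothetical.

```javascript
const crypto = require("crypto");

// SHA-1 hex of an address; lowercasing before hashing is an assumption of this example.
const sha1Hex = (email) =>
  crypto.createHash("sha1").update(email.toLowerCase()).digest("hex");

// Split a 40-char SHA-1 into the 6-char prefix and 34-char suffix the body carries.
const splitSha1 = (hash) => ({ hashPrefix: hash.slice(0, 6), hashSuffix: hash.slice(6) });

// Sender side: headers and JSON body for POST /hibp/notify for one address.
function buildNotifyRequest(breachName, email, token) {
  const { hashPrefix, hashSuffix } = splitSha1(sha1Hex(email));
  return {
    headers: { authorization: `Bearer ${token}`, "content-type": "application/json" },
    body: { breachName, hashPrefix, hashSuffixes: [hashSuffix] },
  };
}

// Receiver side: require the Bearer scheme and compare the token in constant time.
function tokenMatches(authHeader, expectedToken) {
  const m = /^Bearer (.+)$/.exec(authHeader || "");
  if (!m) return false;
  const presented = Buffer.from(m[1]);
  const expected = Buffer.from(expectedToken);
  return presented.length === expected.length && crypto.timingSafeEqual(presented, expected);
}

// Receiver side: 401 on a bad token, 400 on a malformed body, 200 otherwise.
function checkNotifyRequest({ headers, body }, expectedToken) {
  if (!tokenMatches(headers.authorization, expectedToken)) return 401;
  const { breachName, hashPrefix, hashSuffixes } = body || {};
  const ok =
    typeof breachName === "string" && breachName.length > 0 &&
    /^[0-9a-f]{6}$/i.test(hashPrefix) &&
    Array.isArray(hashSuffixes) && hashSuffixes.length > 0 &&
    hashSuffixes.every((s) => /^[0-9a-f]{34}$/i.test(s));
  return ok ? 200 : 400;
}

// Which known addresses does a notification refer to? (hypothetical helper)
function matchSubscribers(body, emails) {
  const suffixes = body.hashSuffixes.map((s) => s.toLowerCase());
  return emails.filter((e) => {
    const { hashPrefix, hashSuffix } = splitSha1(sha1Hex(e));
    return hashPrefix === body.hashPrefix.toLowerCase() && suffixes.includes(hashSuffix);
  });
}
// Constructed demo values: a made-up address and token.
console.log(checkNotifyRequest(buildNotifyRequest("Adobe", "user@example.com", "dev-token"), "dev-token"));
```

A body that uses a different key for the suffix array fails the shape check and is rejected with 400 rather than being treated as an empty match.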

Firefox Accounts

Subscribing with a Firefox Account is controlled via the FXA_ENABLED environment variable (see .env-dist).

The repo comes with a development FxA OAuth app pre-configured in .env, which should work fine when running the app on http://localhost:6060. You'll need to get the OAUTH_CLIENT_SECRET value from someone in #fxmonitor-engineering.

Testing

The full test suite can be run via npm test.

Individual tests

To run individual tests, use NODE_ENV=tests and jest:

NODE_ENV=tests jest --runInBand tests/home.test.js

To run tests with interactive debugger lines enabled:

NODE_ENV=tests node inspect --harmony ./node_modules/.bin/jest tests/home.test.js

Lint

After installing the dependencies, you can lint the code by calling:

npm run lint

Deployment

Firefox Monitor Breach Alerts is designed following the 12-factor methodology.

Deploy on Heroku

You will need to set some required environment variables on Heroku.

heroku config:set COOKIE_SECRET=unsafe-cookie-secret-for-heroku
heroku config:set DEBUG_DUMMY_SMTP=1

Set any others you need as well, depending on the features you're running on Heroku, e.g., Email or Firefox Accounts.