Firefox Monitor Server

Summary

Firefox Monitor notifies users when their credentials have been compromised in a data breach.

This code is for the monitor.firefox.com service & website.

Breach data is powered by haveibeenpwned.com.

See the Have I Been Pwned about page for the "what" and "why" of data breach alerts.

Development

Requirements

Node 8+ (with npm)
Postgres

Install

Clone and change to the directory:

git clone https://github.com/mozilla/blurts-server.git
cd blurts-server

Install dependencies:
```
npm install
```
Copy the .env-dist file to .env:
```
cp .env-dist .env
```

Run

Run the server:
```
npm start
```

Note: npm start uses onchange and nodemon to automatically detect file changes, re-compile static assets, and restart the express process. If you want more control, see the scripts section of package.json for more commands.

Navigate to localhost:6060/

Database

To create the database tables ...

Create the blurts database:

createdb blurts
createdb test-blurts # for tests

Update the DATABASE_URL value in your .env file with your local db credentials:
```
DATABASE_URL="postgres://<username>@localhost:<port>/blurts"
```
Run the migrations:
```
npm run db:migrate
```

Emails

The included .env-dist sets DEBUG_DUMMY_SMTP=1 which disables emails.

To send emails, you'll need to unset DEBUG_DUMMY_SMTP and supply real SMTP config values for sending email.

You can set and source these via the .env file, or set them directly:

export DEBUG_DUMMY_SMTP=
export SMTP_HOST=<your-smtp-host>
export SMTP_PORT=<your-smtp-port>
export SMTP_USERNAME=<your-username>
export SMTP_PASSWORD=<your-password>

Firefox Accounts

Subscribe with a Firefox Account is controlled via the FXA_ENABLED environment variable. (See .env-dist)

The repo comes with a development FxA oauth app pre-configured in .env, which should work fine running the app on http://localhost:6060

To use a different Firefox Accounts oauth relying party, you'll need to create an FxA Oauth Client and then set some OAUTH config values.

You can set and source these via the .env file:

OAUTH_CLIENT_ID=<your-fxa-oauth-client-id>
OAUTH_CLIENT_SECRET=<your-fxa-oauth-client-secret>
OAUTH_AUTHORIZATION_URI="https://oauth-stable.dev.lcip.org/v1/authorization"
OAUTH_PROFILE_URI="https://stable.dev.lcip.org/profile/v1/profile"
OAUTH_TOKEN_URI="https://oauth-stable.dev.lcip.org/v1/token"

Testing

The full test suite can be run via npm test.

Individual tests

To run individual tests, use NODE_ENV=tests and jest:

NODE_ENV=tests jest --runInBand tests/home.test.js

To run tests with interactive debugger lines enabled:

NODE_ENV=tests node inspect --harmony ./node_modules/.bin/jest tests/home.test.js

Lint

After installing the dependencies, you can lint the code by calling:

npm run lint

Deployment

Firefox Monitor Breach Alerts is designed with 12-factor methodology.

Deploy on Heroku

You will need to set some required environment variables on Heroku.

heroku config:set COOKIE_SECRET=unsafe-cookie-secret-for-heroku
heroku config:set DEBUG_DUMMY_SMTP=1

And any others, depending on the features you're running on Heroku - e.g., Email or Firefox Accounts.

Name	Latest commit message	Commit time
Failed to load latest commit information.
.circleci	circleci: deploy_static should run checkout	Feb 14, 2020
__mocks__	fix #1064 : mock sns-validator during tests	Jul 11, 2019
controllers	Fix #1540 - The same email can be added multiple times if the letter …	Feb 21, 2020
db	fix email_addresses.verified update	Feb 12, 2020
docs	Update analytics.md	Nov 19, 2019
lib	fix #1426 : handle HTTPError during getProfileData	Jan 6, 2020
loadtests	change loadtests to locust	Aug 28, 2018
locales	Merge pull request #1564 from mozilla/add-mobile-promo-strings	Feb 25, 2020
public	Fixed #1565 - Added optimized SlickWraps logo	Feb 24, 2020
routes	for #1412 : postResolveBreach updates	Jan 21, 2020
scripts	add START_PAGE feature to pre-fxa email script	Nov 21, 2019
template-helpers	Fix #1558 - Images on breach details pages	Feb 20, 2020
tests	fix email_addresses.verified update	Feb 12, 2020
views	Merge pull request #1548 from mozilla/add-resolve-breach-to-emails	Feb 18, 2020
.dockerignore	Removes version.json from the .dockerignore file.	Jun 8, 2018
.env-dist	default LOGOS_ORIGIN to empty value	Feb 12, 2020
.eslintignore	Credit sources and eslintignore polyfills	Sep 25, 2018
.eslintrc.js	for #55 : review fixes	Sep 21, 2018
.gitignore	for #172 : make npm and Docker use minifcation	Sep 21, 2018
.htmllintrc	Add attr-bans to .htmllintrc	Mar 12, 2018
.npmignore	fix #24 : add Travis and Coveralls	Feb 9, 2018
.stylelintrc	Ignore "selector-type-no-unknown" rule.	Sep 27, 2019
.travis.yml	Merge pull request #895 from pdehaan/issue-888	May 11, 2019
CODE_OF_CONDUCT.md	Add Mozilla Code of Conduct file	Mar 30, 2019
Dockerfile	npm update during docker build	Dec 13, 2019
LICENSE	Add LICENSE file and update package.json license	Jun 7, 2018
README.md	Update README to include information on creating a test database	Jul 11, 2019
app-constants.js	for #1469 : add LOGOS_ORIGIN to serve breach logos	Feb 12, 2020
basket.js	for #669 : check db array and catch basket error	Jan 2, 2019
email-utils.js	fix #1191 : consolidate and clean up utm_* params	Nov 22, 2019
hibp.js	Merge pull request #1481 from mozilla/rebased-add-resolved-properties…	Feb 10, 2020
l10n.toml	Update l10n linter to moz-l10n-lint	May 9, 2019
locale-utils.js	add script to send email to pre-fxa subscribers	Oct 31, 2019
log.js	for #55 : MOZLOG_FMT for formatting	Sep 21, 2018
middleware.js	Update email UTMs and review updates	Feb 13, 2020
package-lock.json	Update onchange devDependency to fix CI	Jan 11, 2020
package.json	Update onchange devDependency to fix CI	Jan 11, 2020
scan-results.js	Breach resolution dashboard updates - WIP	Jan 14, 2020
server.js	add cdn origin to CSP; add LOGOS_ORIGIN to context	Feb 18, 2020
sha1-utils.js	Remove .toUpperCase() from sha1()	Feb 14, 2019

mozilla / blurts-server

Join GitHub today

Clone with HTTPS

Downloading

Launching GitHub Desktop