Merge branch 'main' into mntor-3358-layout

.env

@@ -39,8 +39,7 @@ OAUTH_CLIENT_SECRET=get-this-from-groovecoder-or-fxmonitor-engineering
 OAUTH_AUTHORIZATION_URI=https://oauth.stage.mozaws.net/v1/authorization
 OAUTH_PROFILE_URI=https://profile.stage.mozaws.net/v1/profile
 OAUTH_TOKEN_URI=https://oauth.stage.mozaws.net/v1/token
-OAUTH_ACCOUNT_URI = "https://oauth.accounts.firefox.com/v1"
-OAUTH_API_URI="https://api-accounts.stage.mozaws.net/v1"
+OAUTH_ACCOUNT_URI="https://api-accounts.stage.mozaws.net/v1"
 
 # HIBP API for breach data
 # How many seconds to wait before refreshing upstream breach data from HIBP
@@ -111,7 +110,8 @@ E2E_TEST_BASE_URL=
 E2E_TEST_ACCOUNT_EMAIL=
 E2E_TEST_ACCOUNT_PASSWORD=
 
-E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES=
+E2E_TEST_ACCOUNT_EMAIL_ZERO_BROKERS=
+E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES_ZERO_BROKERS=
 E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED=
 
 E2E_TEST_PAYPAL_LOGIN =

.env.local.example

@@ -26,7 +26,8 @@ DATABASE_URL="postgres://blurts:blurts@localhost:5432/blurts"
 # Set these to be able to run end-to-end tests locally
 E2E_TEST_ACCOUNT_EMAIL=
 E2E_TEST_ACCOUNT_PASSWORD=
-E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES=
+E2E_TEST_ACCOUNT_EMAIL_ZERO_BROKERS=
+E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES_ZERO_BROKERS=
 E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED=
 E2E_TEST_PAYPAL_LOGIN =
 E2E_TEST_PAYPAL_PASSWORD =
@@ -58,18 +59,17 @@ NEXT_PUBLIC_SENTRY_DSN=https://[email protected].
 # SubPlat product and plan IDs, used for Plus subscriptions:
 PREMIUM_PRODUCT_ID=prod_NErZh679W62lai
 PREMIUM_PLAN_ID_MONTHLY_US=price_1MUNq0Kb9q6OnNsL4BoJgepf
-PREMIUM_PLAN_ID_YEARLY_US=price_1MUNq0Kb9q6OnNsL4BoJgepf
+PREMIUM_PLAN_ID_YEARLY_US=price_1NvqawKb9q6OnNsLRTnYrtrV
 
 # Mozilla Accounts URLs
 FXA_SUBSCRIPTIONS_URL=https://accounts.stage.mozaws.net/subscriptions
 FXA_SETTINGS_URL=https://accounts.stage.mozaws.net/settings
 OAUTH_CLIENT_ID=edd29a80019d61a1
-OAUTH_API_URI="https://api-accounts.stage.mozaws.net/v1"
 # Set based on https://accounts.stage.mozaws.net/.well-known/openid-configuration
 OAUTH_AUTHORIZATION_URI=https://accounts.stage.mozaws.net/authorization
 OAUTH_PROFILE_URI=https://profile.stage.mozaws.net/v1/profile
 OAUTH_TOKEN_URI=https://oauth.stage.mozaws.net/v1/token
-OAUTH_ACCOUNT_URI = "https://oauth.accounts.firefox.com/v1"
+OAUTH_ACCOUNT_URI=https://oauth.stage.mozaws.net/v1
 
 # Which environment to run end-to-end tests against:
 E2E_TEST_ENV=local

.github/workflows/build.yaml

@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.3.x'
+          node-version: '22.4.x'
       - run: npm ci
       - run: npm run build-glean
       # Verify that the build (incl. type-checking) succeeds

.github/workflows/e2e_cron.yml

@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 22.3
+          node-version: 22.4
 
       - name: Install dependencies
         run: npm ci

.github/workflows/e2e_pr.yml

@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 22.3
+          node-version: 22.4
 
       - name: Install dependencies
         run: npm ci
@@ -63,16 +63,17 @@ jobs:
         run: npm run e2e:smoke
         timeout-minutes: 10
         env:
-          E2E_TEST_ENV: ${{ inputs.environment != null && inputs.environment || 'local' }}
-          E2E_TEST_BASE_URL: ${{ secrets.E2E_TEST_BASE_URL }}
+          E2E_TEST_ENV: local
+          E2E_TEST_BASE_URL: http://localhost:6060
           E2E_TEST_ACCOUNT_EMAIL: ${{ secrets.E2E_TEST_ACCOUNT_EMAIL }}
           E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES: ${{ secrets.E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES }}
           E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED: ${{ secrets.E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED }}
           E2E_TEST_ACCOUNT_PASSWORD: ${{ secrets.E2E_TEST_ACCOUNT_PASSWORD }}
           E2E_TEST_PAYPAL_LOGIN:  ${{ secrets.E2E_TEST_PAYPAL_LOGIN }}
           E2E_TEST_PAYPAL_PASSWORD: ${{ secrets.E2E_TEST_PAYPAL_PASSWORD }}
           ADMINS: ${{ secrets.ADMINS }}
-          OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }}
+          OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET_LOCAL }}
+          OAUTH_ACCOUNT_URI: ${{ secrets.OAUTH_ACCOUNT_URI }}
           ONEREP_API_KEY: ${{ secrets.ONEREP_API_KEY }}
           NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
           NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}

.github/workflows/lint.yaml

@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.3.x'
+          node-version: '22.4.x'
       - run: npm ci
       - run: npm run build-glean
       - run: npm run build-nimbus

.github/workflows/preview_deploy_gcp.yml

@@ -63,7 +63,6 @@ jobs:
           NEXTAUTH_URL= ${{ secrets.NEXTAUTH_URL }}
           NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}
           OAUTH_ACCOUNT_URI=${{ secrets.OAUTH_ACCOUNT_URI }}
-          OAUTH_API_URI=${{ secrets.OAUTH_API_URI }}
           OAUTH_CLIENT_ID=${{ secrets.OAUTH_CLIENT_ID }}
           OAUTH_CLIENT_SECRET=${{ secrets.OAUTH_CLIENT_SECRET }}
           ONEREP_API_KEY=${{ secrets.ONEREP_API_KEY }}

.github/workflows/production_deploy.yml

@@ -0,0 +1,40 @@
+name: Monitor 1-click Deployment
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to deploy to'
+        required: true
+        default: 'prod'
+        type: choice
+        options:
+          - stage
+          - prod
+      originalImageTag:
+        description: 'The original image tag that has been deployed to dockerhub'
+        required: true
+        type: string
+env:
+  DOCKER_IMAGE_NAME: mozilla/blurts-server
+jobs:
+  pull_retag_push:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Pull Docker image
+        run: docker pull ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.originalImageTag }}
+
+      - name: Retag image
+        run: docker tag ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.originalImageTag }} ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.environment }}-${{ inputs.originalImageTag }}
+
+      - name: Redeploy image
+        run: docker push ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.environment }}-${{ inputs.originalImageTag }}

.github/workflows/unittests.yaml

@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.3.x'
+          node-version: '22.4.x'
       - run: npm ci
       - run: npm run build-glean
       - run: npm test

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22.3-alpine
+FROM node:22.4-alpine
 
 RUN addgroup -g 10001 app && \
     adduser -D -G app -h /app -u 10001 app

Dockerfile.cloudrun

@@ -1,4 +1,4 @@
-FROM node:22.3-alpine
+FROM node:22.4-alpine
 
 RUN addgroup -g 10001 app && \
     adduser -D -G app -h /app -u 10001 app

README.md

@@ -145,6 +145,8 @@ Monitor uses GCP PubSub for processing incoming breach data, this can be tested
 gcloud beta emulators pubsub start --project=your-project-name
 ```
 
+(Set `your-project-name` as the value for `GCP_PUBSUB_PROJECT_ID` in your `.env.local`.)
+
 ### In a different shell, set the environment to point at the emulator and run Monitor in dev mode:
 
 ```sh
@@ -160,10 +162,13 @@ curl -d '{ "breachName": "000webhost", "hashPrefix": "test", "hashSuffixes": ["t
   http://localhost:6060/api/v1/hibp/notify
 ```
 
+This emulates HIBP notifying our API that a new breach was found. Our API will
+then add it to the (emulated) pubsub queue.
+
 ### This pubsub queue will be consumed by this cron job, which is responsible for looking up and emailing impacted users:
 
 ```sh
-node src/scripts/emailBreachAlerts.js
+npm run dev:cron:breach-alerts
 ```
 
 ### Emails

config/nimbus.yaml

@@ -47,3 +47,40 @@ features:
         value: { "enabled": false }
       - channel: production
         value: { "enabled": false }
+  landing-page-free-scan-cta:
+    description: Landing page free scan CTA
+    variables:
+      enabled:
+        description: If the feature is enabled
+        type: Boolean
+        default: false
+      variant:
+        description: The CTA variant to show
+        type: FreeScanCtaType
+        default: ctaWithEmail
+    defaults:
+      - channel: local
+        value: {
+          "enabled": false,
+          "variant": ctaWithEmail,
+        }
+      - channel: staging
+        value: {
+          "enabled": false,
+          "variant": ctaWithEmail,
+        }
+      - channel: production
+        value: {
+          "enabled": false,
+          "variant": ctaWithEmail,
+        }
+enums:
+  FreeScanCtaType:
+    description: An enum of free scan CTA types
+    variants:
+      ctaWithEmail:
+        description: Show a CTA button with an optional email input
+      ctaOnly:
+        description: Only show a CTA button with the label “Get free scan”
+      ctaOnlyAlternativeLabel:
+        description: Only show a CTA button with the label “Sign in to get free scan”

esbuild.cronjobs.js

@@ -21,6 +21,6 @@ build({
   format: "esm",
   outdir: "dist/scripts/cronjobs/",
   sourcemap: true,
-  target: "node22.3",
+  target: "node22.4",
   packages: "external",
 });

locales/cs/dashboard.ftl

@@ -139,6 +139,6 @@ dashboard-top-banner-monitor-more-cta = Monitorovat více e-mailů
 # About Exposure Indicators Modal
 
 modal-exposure-status-description-all = Hledáme úniky údajů ve všech známých únicích. Vaše odhalení bude mít jeden z následujících stavů:
-modal-exposure-indicator-title = Stavy kontaktů
-modal-exposure-indicator-action-needed = K dokončení akce je vyžadována pokročilá nebo ruční akce.
-modal-exposure-indicator-fixed = Problém byl vyřešen a vy už nemusíte podnikat žádné kroky.
+modal-exposure-indicator-title = Stavy odhalení
+modal-exposure-indicator-action-needed = K dokončení akce je nutná pokročilá nebo ruční akce.
+modal-exposure-indicator-fixed = Odhalení bylo vyřešeno a vy už nemusíte podnikat žádné kroky.

locales/cs/landing-all.ftl

@@ -3,14 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 public-nav-name = { -brand-mozilla-monitor }
-
 landing-all-hero-title = Zjistěte, kde jsou vaše soukromé informace odhalené — a vezměte si je zpět
 landing-all-hero-lead = Prověřujeme úniky údajů a zjišťujeme, zda nedošlo k úniku vašich údajů. Následně vám nabízíme kroky k nápravě.
-
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Zadejte svou e-mailovou adresu a zkontrolujte, zda nedošlo k úniku údajů.
 landing-all-hero-emailform-submit-label = Zkontrolovat
-
+landing-all-hero-emailform-submit-sign-in-label = Pro skenování zdarma se přihlaste
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = odhalení
 
@@ -66,7 +64,5 @@ landing-all-help-protect-you-feature-one = Vyhledáme vás ve všech známých p
 landing-all-help-protect-you-feature-two = Provedeme vás kroky k vyřešení každého úniku.
 landing-all-help-protect-you-feature-three = Průběžně budeme monitorovat a zasílat vám upozornění na nové úniky.
 landing-all-help-protect-you-cta = Přihlásit se k odběru upozornění na úniky
-
 landing-all-get-started = Zadejte svou e-mailovou adresu a začněte
 landing-all-take-back-data = Získejte opět kontrolu nad svými údaji
-

locales/cy/landing-all.ftl

@@ -3,14 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 public-nav-name = { -brand-mozilla-monitor }
-
 landing-all-hero-title = Canfod lle mae'ch manylion preifat yn cael eu rhyddhau — a'u cipio nôl
 landing-all-hero-lead = Rydym yn sganio tor-data i weld a yw'ch data wedi'u datgelu ac yn cynnig camau i chi i'w drwsio.
-
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Rhowch eich cyfeiriad e-bost i wirio am ddatguddiadau tor-data.
 landing-all-hero-emailform-submit-label = Cael sgan am ddim
-
+landing-all-hero-emailform-submit-sign-in-label = Mewngofnodwch i gael sgan am ddim
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = datgeliadau
 
@@ -72,7 +70,5 @@ landing-all-help-protect-you-feature-one = Byddwn yn chwilio amdanoch ym mhob ac
 landing-all-help-protect-you-feature-two = Byddwn yn eich arwain trwy'r camau i ddatrys pob tor-data
 landing-all-help-protect-you-feature-three = Byddwn yn monitro ac yn anfon rhybuddion atoch yn barhaus am unrhyw dor-data newydd
 landing-all-help-protect-you-cta = Cofrestrwch am rybuddion tor-data
-
 landing-all-get-started = Sganiwch eich e-bost i ddechrau
 landing-all-take-back-data = Ail feddiannwch eich rheolaeth o'ch data
-

locales/de/landing-all.ftl

@@ -3,14 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 public-nav-name = { -brand-mozilla-monitor }
-
 landing-all-hero-title = Finden Sie heraus, wo Ihre persönlichen Daten offengelegt wurden – und holen Sie sie zurück
 landing-all-hero-lead = Wir untersuchen Datenlecks, um zu sehen, ob Ihre Daten offengelegt wurden, und zeigen Ihnen die Schritte, um das Problem zu beheben.
-
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Geben Sie Ihre E-Mail-Adresse ein, um sie auf Datenlecks zu überprüfen.
 landing-all-hero-emailform-submit-label = Kostenloser Scan
-
+landing-all-hero-emailform-submit-sign-in-label = Melden Sie sich an, um einen kostenlosen Scan zu erhalten
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = Offenlegungen
 
@@ -64,7 +62,5 @@ landing-all-help-protect-you-feature-one = Wir suchen in allen bekannten Datenle
 landing-all-help-protect-you-feature-two = Wir führen Sie durch die Schritte zur Behebung jedes einzelnen Datenlecks
 landing-all-help-protect-you-feature-three = Wir führen unser Monitoring kontinuierlich durch und warnen Sie bei allen neuen Datenlecks
 landing-all-help-protect-you-cta = Melden Sie sich an, um Warnungen bei Datenlecks zu erhalten
-
 landing-all-get-started = Scannen Sie Ihre E-Mail-Adresse, um loszulegen
 landing-all-take-back-data = Holen Sie sich die Kontrolle über Ihre Daten zurück
-

locales/el/landing-all.ftl

@@ -3,14 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 public-nav-name = { -brand-mozilla-monitor }
-
 landing-all-hero-title = Μάθετε πού εκτίθενται οι προσωπικές σας πληροφορίες και ανακτήστε τις
 landing-all-hero-lead = Σαρώνουμε τις παραβιάσεις δεδομένων για να δούμε εάν έχουν διαρρεύσει τα δεδομένα σας και σας παρέχουμε μέτρα για τη διόρθωσή τους.
-
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Εισαγάγετε τη διεύθυνση email σας για να ελέγξετε εάν έχει εκτεθεί σε παραβιάσεις δεδομένων.
 landing-all-hero-emailform-submit-label = Δωρεάν σάρωση
-
+landing-all-hero-emailform-submit-sign-in-label = Συνδεθείτε για να λάβετε τη δωρεάν σάρωση
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = εκθέσεις
 
@@ -62,7 +60,5 @@ landing-all-help-protect-you-feature-one = Θα κάνουμε αναζήτησ
 landing-all-help-protect-you-feature-two = Θα σας καθοδηγήσουμε στα βήματα για την επίλυση κάθε παραβίασης
 landing-all-help-protect-you-feature-three = Θα παρακολουθούμε συνεχώς και θα σας ειδοποιούμε για τυχόν νέες παραβιάσεις
 landing-all-help-protect-you-cta = Εγγραφή για ειδοποιήσεις παραβιάσεων
-
 landing-all-get-started = Σαρώστε το email σας για να ξεκινήσετε
 landing-all-take-back-data = Ανακτήστε τον έλεγχο των δεδομένων σας
-

locales/en-GB/landing-all.ftl

@@ -3,14 +3,12 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 public-nav-name = { -brand-mozilla-monitor }
-
 landing-all-hero-title = Find where your private info is exposed — and take it back
 landing-all-hero-lead = We scan data breaches to see if your data has been leaked and give you steps to fix it.
-
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Enter your email address to check for data breach exposures.
 landing-all-hero-emailform-submit-label = Get free scan
-
+landing-all-hero-emailform-submit-sign-in-label = Sign in to get free scan
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = exposures
 
@@ -62,7 +60,5 @@ landing-all-help-protect-you-feature-one = We’ll search for you in all known d
 landing-all-help-protect-you-feature-two = We’ll guide you through the steps to resolve each breach
 landing-all-help-protect-you-feature-three = We’ll continuously monitor and send you alerts for any new breaches
 landing-all-help-protect-you-cta = Sign up for breach alerts
-
 landing-all-get-started = Scan your email to get started
 landing-all-take-back-data = Take back control of your data
-

locales/en/landing-all.ftl

@@ -10,6 +10,7 @@ landing-all-hero-lead = We scan data breaches to see if your data has been leake
 landing-all-hero-emailform-input-placeholder = [email protected]
 landing-all-hero-emailform-input-label = Enter your email address to check for data breach exposures.
 landing-all-hero-emailform-submit-label = Get free scan
+landing-all-hero-emailform-submit-sign-in-label = Sign in to get free scan
 
 # This is a label underneath a big number "14" - it's an image that demos Monitor.
 landing-all-hero-image-chart-label = exposures