search

mozilla / blurts-server

Mozilla Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
https://monitor.mozilla.org
Mozilla Public License 2.0
711 stars 203 forks source link

Add real graphics for real breaches #140

Closed groovecoder closed 6 years ago

groovecoder commented 6 years ago

screen shot 2018-06-01 at 10 25 53 am

Fixing https://github.com/mozilla/blurts-server/issues/138 (in https://github.com/mozilla/blurts-server/pull/139) revealed that we are missing site images for most of the breaches.

STR:

  1. Go to ?breach=Dropbox

Expected Results:

The page should show with the Dropbox website logo next to the "Dropbox Breach" section

Actual Results:

Image is missing (request to /img/Dropbox.png is 404)

pdehaan commented 6 years ago

@groovecoder Do we have an endpoint which lists all breaches? I may be able to write a scraper which loops over each breach and reports any missing images...

pdehaan commented 6 years ago

Also, does this mean that with every new breach from HIBP, we'd need to upload a new image asset to the server and then do an emergency deploy?

pdehaan commented 6 years ago

Per https://github.com/mozilla/blurts-server/tree/master/public/img it looks like only 3 breaches will be non-404:

And not even LinkedIn works (the breach name is "LinkedIn", the image name is "Linkedin.png" — so looks like the OS is case sensitive).

I propose that since 2 out of 267 of the images will currently load successfully, we either:

a) hide the image b) right align the image, and attempt loading it as some div/span background image via CSS which hopefully fails a bit nicer.

pdehaan commented 6 years ago

Similarly, it looks like we're embedding the ~2.3 MB of logo assets into the blurts-addon... We could copy-pasta the images into this repo as well, or create some new, shared blurts-logos repo which has optimized+resized assets. Or, store the assets in some S3 CDN or something.

UPDATE: Alternatively, we could merge the add-on and server repos and just move all the add-on code into an /addon folder in this repo. It'd make asset sharing easier. Or, just have the add-on load the image assets from the server at runtime instead of embedding ~2.3MB of images into the add-on, in the off-chance the user will visit one of those sites.

pdehaan commented 6 years ago

Closing... I think @lesleyjanenorton expertly fixed this in #154. But I may file a new tracking issue for asset sharing between the addon+server, since that feels a bit janky to copy/pasta those files in 2 repos and could lead to inconsistency and problems when one set is optimized and the other isn't.

UPDATE: Filed #164.